//===----------------------------------------------------------------------===//
//
// This source file is part of the Soto for AWS open source project
//
// Copyright (c) 2017-2024 the Soto project authors
// Licensed under Apache License v2.0
//
// See LICENSE.txt for license information
// See CONTRIBUTORS.txt for the list of Soto project authors
//
// SPDX-License-Identifier: Apache-2.0
//
//===----------------------------------------------------------------------===//

// THIS FILE IS AUTOMATICALLY GENERATED by https://github.com/soto-project/soto-codegenerator.
// DO NOT EDIT.

#if canImport(FoundationEssentials)
import FoundationEssentials
#else
import Foundation
#endif
@_spi(SotoInternal) import SotoCore

extension PaymentCryptography {
    // MARK: Enums

    public enum DeriveKeyUsage: String, CustomStringConvertible, Codable, Sendable, CodingKeyRepresentable {
        case tr31B0BaseDerivationKey = "TR31_B0_BASE_DERIVATION_KEY"
        case tr31C0CardVerificationKey = "TR31_C0_CARD_VERIFICATION_KEY"
        case tr31D0SymmetricDataEncryptionKey = "TR31_D0_SYMMETRIC_DATA_ENCRYPTION_KEY"
        case tr31E0EmvMkeyAppCryptograms = "TR31_E0_EMV_MKEY_APP_CRYPTOGRAMS"
        case tr31E1EmvMkeyConfidentiality = "TR31_E1_EMV_MKEY_CONFIDENTIALITY"
        case tr31E2EmvMkeyIntegrity = "TR31_E2_EMV_MKEY_INTEGRITY"
        case tr31E4EmvMkeyDynamicNumbers = "TR31_E4_EMV_MKEY_DYNAMIC_NUMBERS"
        case tr31E5EmvMkeyCardPersonalization = "TR31_E5_EMV_MKEY_CARD_PERSONALIZATION"
        case tr31E6EmvMkeyOther = "TR31_E6_EMV_MKEY_OTHER"
        case tr31K0KeyEncryptionKey = "TR31_K0_KEY_ENCRYPTION_KEY"
        case tr31K1KeyBlockProtectionKey = "TR31_K1_KEY_BLOCK_PROTECTION_KEY"
        case tr31M1Iso97971MacKey = "TR31_M1_ISO_9797_1_MAC_KEY"
        case tr31M3Iso97973MacKey = "TR31_M3_ISO_9797_3_MAC_KEY"
        case tr31M6Iso97975CmacKey = "TR31_M6_ISO_9797_5_CMAC_KEY"
        case tr31M7HmacKey = "TR31_M7_HMAC_KEY"
        case tr31P0PinEncryptionKey = "TR31_P0_PIN_ENCRYPTION_KEY"
        case tr31P1PinGenerationKey = "TR31_P1_PIN_GENERATION_KEY"
        case tr31V1Ibm3624PinVerificationKey = "TR31_V1_IBM3624_PIN_VERIFICATION_KEY"
        case tr31V2VisaPinVerificationKey = "TR31_V2_VISA_PIN_VERIFICATION_KEY"
        public var description: String { return self.rawValue }
    }

    public enum KeyAlgorithm: String, CustomStringConvertible, Codable, Sendable, CodingKeyRepresentable {
        case aes128 = "AES_128"
        case aes192 = "AES_192"
        case aes256 = "AES_256"
        case eccNistP256 = "ECC_NIST_P256"
        case eccNistP384 = "ECC_NIST_P384"
        case eccNistP521 = "ECC_NIST_P521"
        case hmacSha224 = "HMAC_SHA224"
        case hmacSha256 = "HMAC_SHA256"
        case hmacSha384 = "HMAC_SHA384"
        case hmacSha512 = "HMAC_SHA512"
        case rsa2048 = "RSA_2048"
        case rsa3072 = "RSA_3072"
        case rsa4096 = "RSA_4096"
        case tdes2Key = "TDES_2KEY"
        case tdes3Key = "TDES_3KEY"
        public var description: String { return self.rawValue }
    }

    public enum KeyCheckValueAlgorithm: String, CustomStringConvertible, Codable, Sendable, CodingKeyRepresentable {
        case ansiX924 = "ANSI_X9_24"
        case cmac = "CMAC"
        case hmac = "HMAC"
        public var description: String { return self.rawValue }
    }

    public enum KeyClass: String, CustomStringConvertible, Codable, Sendable, CodingKeyRepresentable {
        case asymmetricKeyPair = "ASYMMETRIC_KEY_PAIR"
        case privateKey = "PRIVATE_KEY"
        case publicKey = "PUBLIC_KEY"
        case symmetricKey = "SYMMETRIC_KEY"
        public var description: String { return self.rawValue }
    }

    public enum KeyDerivationFunction: String, CustomStringConvertible, Codable, Sendable, CodingKeyRepresentable {
        case ansiX963 = "ANSI_X963"
        case nistSp800 = "NIST_SP800"
        public var description: String { return self.rawValue }
    }

    public enum KeyDerivationHashAlgorithm: String, CustomStringConvertible, Codable, Sendable, CodingKeyRepresentable {
        case sha256 = "SHA_256"
        case sha384 = "SHA_384"
        case sha512 = "SHA_512"
        public var description: String { return self.rawValue }
    }

    public enum KeyExportability: String, CustomStringConvertible, Codable, Sendable, CodingKeyRepresentable {
        case exportable = "EXPORTABLE"
        case nonExportable = "NON_EXPORTABLE"
        case sensitive = "SENSITIVE"
        public var description: String { return self.rawValue }
    }

    public enum KeyMaterialType: String, CustomStringConvertible, Codable, Sendable, CodingKeyRepresentable {
        case keyCryptogram = "KEY_CRYPTOGRAM"
        case rootPublicKeyCertificate = "ROOT_PUBLIC_KEY_CERTIFICATE"
        case tr31KeyBlock = "TR31_KEY_BLOCK"
        case tr34KeyBlock = "TR34_KEY_BLOCK"
        case trustedPublicKeyCertificate = "TRUSTED_PUBLIC_KEY_CERTIFICATE"
        public var description: String { return self.rawValue }
    }

    public enum KeyOrigin: String, CustomStringConvertible, Codable, Sendable, CodingKeyRepresentable {
        case awsPaymentCryptography = "AWS_PAYMENT_CRYPTOGRAPHY"
        case external = "EXTERNAL"
        public var description: String { return self.rawValue }
    }

    public enum KeyState: String, CustomStringConvertible, Codable, Sendable, CodingKeyRepresentable {
        case createComplete = "CREATE_COMPLETE"
        case createInProgress = "CREATE_IN_PROGRESS"
        case deleteComplete = "DELETE_COMPLETE"
        case deletePending = "DELETE_PENDING"
        public var description: String { return self.rawValue }
    }

    public enum KeyUsage: String, CustomStringConvertible, Codable, Sendable, CodingKeyRepresentable {
        case tr31B0BaseDerivationKey = "TR31_B0_BASE_DERIVATION_KEY"
        case tr31C0CardVerificationKey = "TR31_C0_CARD_VERIFICATION_KEY"
        case tr31D0SymmetricDataEncryptionKey = "TR31_D0_SYMMETRIC_DATA_ENCRYPTION_KEY"
        case tr31D1AsymmetricKeyForDataEncryption = "TR31_D1_ASYMMETRIC_KEY_FOR_DATA_ENCRYPTION"
        case tr31E0EmvMkeyAppCryptograms = "TR31_E0_EMV_MKEY_APP_CRYPTOGRAMS"
        case tr31E1EmvMkeyConfidentiality = "TR31_E1_EMV_MKEY_CONFIDENTIALITY"
        case tr31E2EmvMkeyIntegrity = "TR31_E2_EMV_MKEY_INTEGRITY"
        case tr31E4EmvMkeyDynamicNumbers = "TR31_E4_EMV_MKEY_DYNAMIC_NUMBERS"
        case tr31E5EmvMkeyCardPersonalization = "TR31_E5_EMV_MKEY_CARD_PERSONALIZATION"
        case tr31E6EmvMkeyOther = "TR31_E6_EMV_MKEY_OTHER"
        case tr31K0KeyEncryptionKey = "TR31_K0_KEY_ENCRYPTION_KEY"
        case tr31K1KeyBlockProtectionKey = "TR31_K1_KEY_BLOCK_PROTECTION_KEY"
        case tr31K2Tr34AsymmetricKey = "TR31_K2_TR34_ASYMMETRIC_KEY"
        case tr31K3AsymmetricKeyForKeyAgreement = "TR31_K3_ASYMMETRIC_KEY_FOR_KEY_AGREEMENT"
        case tr31M1Iso97971MacKey = "TR31_M1_ISO_9797_1_MAC_KEY"
        case tr31M3Iso97973MacKey = "TR31_M3_ISO_9797_3_MAC_KEY"
        case tr31M6Iso97975CmacKey = "TR31_M6_ISO_9797_5_CMAC_KEY"
        case tr31M7HmacKey = "TR31_M7_HMAC_KEY"
        case tr31P0PinEncryptionKey = "TR31_P0_PIN_ENCRYPTION_KEY"
        case tr31P1PinGenerationKey = "TR31_P1_PIN_GENERATION_KEY"
        case tr31S0AsymmetricKeyForDigitalSignature = "TR31_S0_ASYMMETRIC_KEY_FOR_DIGITAL_SIGNATURE"
        case tr31V1Ibm3624PinVerificationKey = "TR31_V1_IBM3624_PIN_VERIFICATION_KEY"
        case tr31V2VisaPinVerificationKey = "TR31_V2_VISA_PIN_VERIFICATION_KEY"
        public var description: String { return self.rawValue }
    }

    public enum SymmetricKeyAlgorithm: String, CustomStringConvertible, Codable, Sendable, CodingKeyRepresentable {
        case aes128 = "AES_128"
        case aes192 = "AES_192"
        case aes256 = "AES_256"
        case hmacSha224 = "HMAC_SHA224"
        case hmacSha256 = "HMAC_SHA256"
        case hmacSha384 = "HMAC_SHA384"
        case hmacSha512 = "HMAC_SHA512"
        case tdes2Key = "TDES_2KEY"
        case tdes3Key = "TDES_3KEY"
        public var description: String { return self.rawValue }
    }

    public enum Tr34KeyBlockFormat: String, CustomStringConvertible, Codable, Sendable, CodingKeyRepresentable {
        case x9Tr342012 = "X9_TR34_2012"
        public var description: String { return self.rawValue }
    }

    public enum WrappedKeyMaterialFormat: String, CustomStringConvertible, Codable, Sendable, CodingKeyRepresentable {
        case keyCryptogram = "KEY_CRYPTOGRAM"
        case tr31KeyBlock = "TR31_KEY_BLOCK"
        case tr34KeyBlock = "TR34_KEY_BLOCK"
        public var description: String { return self.rawValue }
    }

    public enum WrappingKeySpec: String, CustomStringConvertible, Codable, Sendable, CodingKeyRepresentable {
        case rsaOaepSha256 = "RSA_OAEP_SHA_256"
        case rsaOaepSha512 = "RSA_OAEP_SHA_512"
        public var description: String { return self.rawValue }
    }

    public enum ExportKeyMaterial: AWSEncodableShape, Sendable {
        /// Key derivation parameter information for key material export using asymmetric ECDH key exchange method.
        case diffieHellmanTr31KeyBlock(ExportDiffieHellmanTr31KeyBlock)
        /// Parameter information for key material export using asymmetric RSA wrap and unwrap key exchange method
        case keyCryptogram(ExportKeyCryptogram)
        /// Parameter information for key material export using symmetric TR-31 key exchange method.
        case tr31KeyBlock(ExportTr31KeyBlock)
        /// Parameter information for key material export using the asymmetric TR-34 key exchange method.
        case tr34KeyBlock(ExportTr34KeyBlock)

        public func encode(to encoder: Encoder) throws {
            var container = encoder.container(keyedBy: CodingKeys.self)
            switch self {
            case .diffieHellmanTr31KeyBlock(let value):
                try container.encode(value, forKey: .diffieHellmanTr31KeyBlock)
            case .keyCryptogram(let value):
                try container.encode(value, forKey: .keyCryptogram)
            case .tr31KeyBlock(let value):
                try container.encode(value, forKey: .tr31KeyBlock)
            case .tr34KeyBlock(let value):
                try container.encode(value, forKey: .tr34KeyBlock)
            }
        }

        public func validate(name: String) throws {
            switch self {
            case .diffieHellmanTr31KeyBlock(let value):
                try value.validate(name: "\(name).diffieHellmanTr31KeyBlock")
            case .keyCryptogram(let value):
                try value.validate(name: "\(name).keyCryptogram")
            case .tr31KeyBlock(let value):
                try value.validate(name: "\(name).tr31KeyBlock")
            case .tr34KeyBlock(let value):
                try value.validate(name: "\(name).tr34KeyBlock")
            }
        }

        private enum CodingKeys: String, CodingKey {
            case diffieHellmanTr31KeyBlock = "DiffieHellmanTr31KeyBlock"
            case keyCryptogram = "KeyCryptogram"
            case tr31KeyBlock = "Tr31KeyBlock"
            case tr34KeyBlock = "Tr34KeyBlock"
        }
    }

    public enum ImportKeyMaterial: AWSEncodableShape, Sendable {
        /// Key derivation parameter information for key material import using asymmetric ECDH key exchange method.
        case diffieHellmanTr31KeyBlock(ImportDiffieHellmanTr31KeyBlock)
        /// Parameter information for key material import using asymmetric RSA wrap and unwrap key exchange method.
        case keyCryptogram(ImportKeyCryptogram)
        /// Parameter information for root public key certificate import.
        case rootCertificatePublicKey(RootCertificatePublicKey)
        /// Parameter information for key material import using symmetric TR-31 key exchange method.
        case tr31KeyBlock(ImportTr31KeyBlock)
        /// Parameter information for key material import using the asymmetric TR-34 key exchange method.
        case tr34KeyBlock(ImportTr34KeyBlock)
        /// Parameter information for trusted public key certificate import.
        case trustedCertificatePublicKey(TrustedCertificatePublicKey)

        public func encode(to encoder: Encoder) throws {
            var container = encoder.container(keyedBy: CodingKeys.self)
            switch self {
            case .diffieHellmanTr31KeyBlock(let value):
                try container.encode(value, forKey: .diffieHellmanTr31KeyBlock)
            case .keyCryptogram(let value):
                try container.encode(value, forKey: .keyCryptogram)
            case .rootCertificatePublicKey(let value):
                try container.encode(value, forKey: .rootCertificatePublicKey)
            case .tr31KeyBlock(let value):
                try container.encode(value, forKey: .tr31KeyBlock)
            case .tr34KeyBlock(let value):
                try container.encode(value, forKey: .tr34KeyBlock)
            case .trustedCertificatePublicKey(let value):
                try container.encode(value, forKey: .trustedCertificatePublicKey)
            }
        }

        public func validate(name: String) throws {
            switch self {
            case .diffieHellmanTr31KeyBlock(let value):
                try value.validate(name: "\(name).diffieHellmanTr31KeyBlock")
            case .keyCryptogram(let value):
                try value.validate(name: "\(name).keyCryptogram")
            case .rootCertificatePublicKey(let value):
                try value.validate(name: "\(name).rootCertificatePublicKey")
            case .tr31KeyBlock(let value):
                try value.validate(name: "\(name).tr31KeyBlock")
            case .tr34KeyBlock(let value):
                try value.validate(name: "\(name).tr34KeyBlock")
            case .trustedCertificatePublicKey(let value):
                try value.validate(name: "\(name).trustedCertificatePublicKey")
            }
        }

        private enum CodingKeys: String, CodingKey {
            case diffieHellmanTr31KeyBlock = "DiffieHellmanTr31KeyBlock"
            case keyCryptogram = "KeyCryptogram"
            case rootCertificatePublicKey = "RootCertificatePublicKey"
            case tr31KeyBlock = "Tr31KeyBlock"
            case tr34KeyBlock = "Tr34KeyBlock"
            case trustedCertificatePublicKey = "TrustedCertificatePublicKey"
        }
    }

    // MARK: Shapes

    public struct Alias: AWSDecodableShape {
        /// A friendly name that you can use to refer to a key. The value must begin with alias/.  Do not include confidential or sensitive information in this field. This field may be displayed in plaintext in CloudTrail logs and other output.
        public let aliasName: String
        /// The KeyARN of the key associated with the alias.
        public let keyArn: String?

        @inlinable
        public init(aliasName: String, keyArn: String? = nil) {
            self.aliasName = aliasName
            self.keyArn = keyArn
        }

        private enum CodingKeys: String, CodingKey {
            case aliasName = "AliasName"
            case keyArn = "KeyArn"
        }
    }

    public struct CreateAliasInput: AWSEncodableShape {
        /// A friendly name that you can use to refer to a key. An alias must begin with alias/ followed by a name, for example alias/ExampleAlias. It can contain only alphanumeric characters, forward slashes (/), underscores (_), and dashes (-).  Don't include personal, confidential or sensitive information in this field. This field may be displayed in plaintext in CloudTrail logs and other output.
        public let aliasName: String
        /// The KeyARN of the key to associate with the alias.
        public let keyArn: String?

        @inlinable
        public init(aliasName: String, keyArn: String? = nil) {
            self.aliasName = aliasName
            self.keyArn = keyArn
        }

        public func validate(name: String) throws {
            try self.validate(self.aliasName, name: "aliasName", parent: name, max: 256)
            try self.validate(self.aliasName, name: "aliasName", parent: name, min: 7)
            try self.validate(self.aliasName, name: "aliasName", parent: name, pattern: "^alias/[a-zA-Z0-9/_-]+$")
            try self.validate(self.keyArn, name: "keyArn", parent: name, max: 150)
            try self.validate(self.keyArn, name: "keyArn", parent: name, min: 70)
            try self.validate(self.keyArn, name: "keyArn", parent: name, pattern: "^arn:aws:payment-cryptography:[a-z]{2}-[a-z]{1,16}-[0-9]+:[0-9]{12}:key/[0-9a-zA-Z]{16,64}$")
        }

        private enum CodingKeys: String, CodingKey {
            case aliasName = "AliasName"
            case keyArn = "KeyArn"
        }
    }

    public struct CreateAliasOutput: AWSDecodableShape {
        /// The alias for the key.
        public let alias: Alias

        @inlinable
        public init(alias: Alias) {
            self.alias = alias
        }

        private enum CodingKeys: String, CodingKey {
            case alias = "Alias"
        }
    }

    public struct CreateKeyInput: AWSEncodableShape {
        /// The intended cryptographic usage of keys derived from the ECC key pair to be created. After creating an ECC key pair, you cannot change the intended cryptographic usage of keys derived from it using ECDH.
        public let deriveKeyUsage: DeriveKeyUsage?
        /// Specifies whether to enable the key. If the key is enabled, it is activated for use within the service. If the key is not enabled, then it is created but not activated. The default value is enabled.
        public let enabled: Bool?
        /// Specifies whether the key is exportable from the service.
        public let exportable: Bool
        /// The role of the key, the algorithm it supports, and the cryptographic operations allowed with the key. This data is immutable after the key is created.
        public let keyAttributes: KeyAttributes
        /// The algorithm that Amazon Web Services Payment Cryptography uses to calculate the key check value (KCV). It is used to validate the key integrity. For TDES keys, the KCV is computed by encrypting 8 bytes, each with value of zero, with the key to be checked and retaining the 3 highest order bytes of the encrypted result. For AES keys, the KCV is computed using a CMAC algorithm where the input data is 16 bytes of zero and retaining the 3 highest order bytes of the encrypted result.
        public let keyCheckValueAlgorithm: KeyCheckValueAlgorithm?
        /// Assigns one or more tags to the Amazon Web Services Payment Cryptography key. Use this parameter to tag a key when it is created. To tag an existing Amazon Web Services Payment Cryptography key, use the TagResource operation. Each tag consists of a tag key and a tag value. Both the tag key and the tag value are required, but the tag value can be an empty (null) string. You can't have more than one tag on an Amazon Web Services Payment Cryptography key with the same tag key.   Don't include personal, confidential or sensitive information in this field. This field may be displayed in plaintext in CloudTrail logs and other output.   Tagging or untagging an Amazon Web Services Payment Cryptography key can allow or deny permission to the key.
        public let tags: [Tag]?

        @inlinable
        public init(deriveKeyUsage: DeriveKeyUsage? = nil, enabled: Bool? = nil, exportable: Bool, keyAttributes: KeyAttributes, keyCheckValueAlgorithm: KeyCheckValueAlgorithm? = nil, tags: [Tag]? = nil) {
            self.deriveKeyUsage = deriveKeyUsage
            self.enabled = enabled
            self.exportable = exportable
            self.keyAttributes = keyAttributes
            self.keyCheckValueAlgorithm = keyCheckValueAlgorithm
            self.tags = tags
        }

        public func validate(name: String) throws {
            try self.tags?.forEach {
                try $0.validate(name: "\(name).tags[]")
            }
            try self.validate(self.tags, name: "tags", parent: name, max: 200)
        }

        private enum CodingKeys: String, CodingKey {
            case deriveKeyUsage = "DeriveKeyUsage"
            case enabled = "Enabled"
            case exportable = "Exportable"
            case keyAttributes = "KeyAttributes"
            case keyCheckValueAlgorithm = "KeyCheckValueAlgorithm"
            case tags = "Tags"
        }
    }

    public struct CreateKeyOutput: AWSDecodableShape {
        /// The key material that contains all the key attributes.
        public let key: Key

        @inlinable
        public init(key: Key) {
            self.key = key
        }

        private enum CodingKeys: String, CodingKey {
            case key = "Key"
        }
    }

    public struct DeleteAliasInput: AWSEncodableShape {
        /// A friendly name that you can use to refer Amazon Web Services Payment Cryptography key. This value must begin with alias/ followed by a name, such as alias/ExampleAlias.
        public let aliasName: String

        @inlinable
        public init(aliasName: String) {
            self.aliasName = aliasName
        }

        public func validate(name: String) throws {
            try self.validate(self.aliasName, name: "aliasName", parent: name, max: 256)
            try self.validate(self.aliasName, name: "aliasName", parent: name, min: 7)
            try self.validate(self.aliasName, name: "aliasName", parent: name, pattern: "^alias/[a-zA-Z0-9/_-]+$")
        }

        private enum CodingKeys: String, CodingKey {
            case aliasName = "AliasName"
        }
    }

    public struct DeleteAliasOutput: AWSDecodableShape {
        public init() {}
    }

    public struct DeleteKeyInput: AWSEncodableShape {
        /// The waiting period for key deletion. The default value is seven days.
        public let deleteKeyInDays: Int?
        /// The KeyARN of the key that is scheduled for deletion.
        public let keyIdentifier: String

        @inlinable
        public init(deleteKeyInDays: Int? = nil, keyIdentifier: String) {
            self.deleteKeyInDays = deleteKeyInDays
            self.keyIdentifier = keyIdentifier
        }

        public func validate(name: String) throws {
            try self.validate(self.keyIdentifier, name: "keyIdentifier", parent: name, max: 322)
            try self.validate(self.keyIdentifier, name: "keyIdentifier", parent: name, min: 7)
            try self.validate(self.keyIdentifier, name: "keyIdentifier", parent: name, pattern: "^arn:aws:payment-cryptography:[a-z]{2}-[a-z]{1,16}-[0-9]+:[0-9]{12}:(key/[0-9a-zA-Z]{16,64}|alias/[a-zA-Z0-9/_-]+)$|^alias/[a-zA-Z0-9/_-]+$")
        }

        private enum CodingKeys: String, CodingKey {
            case deleteKeyInDays = "DeleteKeyInDays"
            case keyIdentifier = "KeyIdentifier"
        }
    }

    public struct DeleteKeyOutput: AWSDecodableShape {
        /// The KeyARN of the key that is scheduled for deletion.
        public let key: Key

        @inlinable
        public init(key: Key) {
            self.key = key
        }

        private enum CodingKeys: String, CodingKey {
            case key = "Key"
        }
    }

    public struct ExportAttributes: AWSEncodableShape {
        /// Parameter information for IPEK export.
        public let exportDukptInitialKey: ExportDukptInitialKey?
        /// The algorithm that Amazon Web Services Payment Cryptography uses to calculate the key check value (KCV). It is used to validate the key integrity. Specify KCV for IPEK export only. For TDES keys, the KCV is computed by encrypting 8 bytes, each with value of zero, with the key to be checked and retaining the 3 highest order bytes of the encrypted result. For AES keys, the KCV is computed using a CMAC algorithm where the input data is 16 bytes of zero and retaining the 3 highest order bytes of the encrypted result.
        public let keyCheckValueAlgorithm: KeyCheckValueAlgorithm?

        @inlinable
        public init(exportDukptInitialKey: ExportDukptInitialKey? = nil, keyCheckValueAlgorithm: KeyCheckValueAlgorithm? = nil) {
            self.exportDukptInitialKey = exportDukptInitialKey
            self.keyCheckValueAlgorithm = keyCheckValueAlgorithm
        }

        public func validate(name: String) throws {
            try self.exportDukptInitialKey?.validate(name: "\(name).exportDukptInitialKey")
        }

        private enum CodingKeys: String, CodingKey {
            case exportDukptInitialKey = "ExportDukptInitialKey"
            case keyCheckValueAlgorithm = "KeyCheckValueAlgorithm"
        }
    }

    public struct ExportDiffieHellmanTr31KeyBlock: AWSEncodableShape {
        /// The keyARN of the CA that signed the PublicKeyCertificate for the client's receiving ECC key pair.
        public let certificateAuthorityPublicKeyIdentifier: String
        /// The shared information used when deriving a key using ECDH.
        public let derivationData: DiffieHellmanDerivationData
        /// The key algorithm of the shared derived ECDH key.
        public let deriveKeyAlgorithm: SymmetricKeyAlgorithm
        public let keyBlockHeaders: KeyBlockHeaders?
        /// The key derivation function to use when deriving a key using ECDH.
        public let keyDerivationFunction: KeyDerivationFunction
        /// The hash type to use when deriving a key using ECDH.
        public let keyDerivationHashAlgorithm: KeyDerivationHashAlgorithm
        /// The keyARN of the asymmetric ECC key created within Amazon Web Services Payment Cryptography.
        public let privateKeyIdentifier: String
        /// The public key certificate of the client's receiving ECC key pair, in PEM format (base64 encoded), to use for ECDH key derivation.
        public let publicKeyCertificate: String

        @inlinable
        public init(certificateAuthorityPublicKeyIdentifier: String, derivationData: DiffieHellmanDerivationData, deriveKeyAlgorithm: SymmetricKeyAlgorithm, keyBlockHeaders: KeyBlockHeaders? = nil, keyDerivationFunction: KeyDerivationFunction, keyDerivationHashAlgorithm: KeyDerivationHashAlgorithm, privateKeyIdentifier: String, publicKeyCertificate: String) {
            self.certificateAuthorityPublicKeyIdentifier = certificateAuthorityPublicKeyIdentifier
            self.derivationData = derivationData
            self.deriveKeyAlgorithm = deriveKeyAlgorithm
            self.keyBlockHeaders = keyBlockHeaders
            self.keyDerivationFunction = keyDerivationFunction
            self.keyDerivationHashAlgorithm = keyDerivationHashAlgorithm
            self.privateKeyIdentifier = privateKeyIdentifier
            self.publicKeyCertificate = publicKeyCertificate
        }

        public func validate(name: String) throws {
            try self.validate(self.certificateAuthorityPublicKeyIdentifier, name: "certificateAuthorityPublicKeyIdentifier", parent: name, max: 322)
            try self.validate(self.certificateAuthorityPublicKeyIdentifier, name: "certificateAuthorityPublicKeyIdentifier", parent: name, min: 7)
            try self.validate(self.certificateAuthorityPublicKeyIdentifier, name: "certificateAuthorityPublicKeyIdentifier", parent: name, pattern: "^arn:aws:payment-cryptography:[a-z]{2}-[a-z]{1,16}-[0-9]+:[0-9]{12}:(key/[0-9a-zA-Z]{16,64}|alias/[a-zA-Z0-9/_-]+)$|^alias/[a-zA-Z0-9/_-]+$")
            try self.derivationData.validate(name: "\(name).derivationData")
            try self.keyBlockHeaders?.validate(name: "\(name).keyBlockHeaders")
            try self.validate(self.privateKeyIdentifier, name: "privateKeyIdentifier", parent: name, max: 322)
            try self.validate(self.privateKeyIdentifier, name: "privateKeyIdentifier", parent: name, min: 7)
            try self.validate(self.privateKeyIdentifier, name: "privateKeyIdentifier", parent: name, pattern: "^arn:aws:payment-cryptography:[a-z]{2}-[a-z]{1,16}-[0-9]+:[0-9]{12}:(key/[0-9a-zA-Z]{16,64}|alias/[a-zA-Z0-9/_-]+)$|^alias/[a-zA-Z0-9/_-]+$")
            try self.validate(self.publicKeyCertificate, name: "publicKeyCertificate", parent: name, max: 32768)
            try self.validate(self.publicKeyCertificate, name: "publicKeyCertificate", parent: name, min: 1)
            try self.validate(self.publicKeyCertificate, name: "publicKeyCertificate", parent: name, pattern: "^[^\\[;\\]<>]+$")
        }

        private enum CodingKeys: String, CodingKey {
            case certificateAuthorityPublicKeyIdentifier = "CertificateAuthorityPublicKeyIdentifier"
            case derivationData = "DerivationData"
            case deriveKeyAlgorithm = "DeriveKeyAlgorithm"
            case keyBlockHeaders = "KeyBlockHeaders"
            case keyDerivationFunction = "KeyDerivationFunction"
            case keyDerivationHashAlgorithm = "KeyDerivationHashAlgorithm"
            case privateKeyIdentifier = "PrivateKeyIdentifier"
            case publicKeyCertificate = "PublicKeyCertificate"
        }
    }

    public struct ExportDukptInitialKey: AWSEncodableShape {
        /// The KSN for IPEK generation using DUKPT.  KSN must be padded before sending to Amazon Web Services Payment Cryptography. KSN hex length should be 20 for a TDES_2KEY key or 24 for an AES key.
        public let keySerialNumber: String

        @inlinable
        public init(keySerialNumber: String) {
            self.keySerialNumber = keySerialNumber
        }

        public func validate(name: String) throws {
            try self.validate(self.keySerialNumber, name: "keySerialNumber", parent: name, max: 24)
            try self.validate(self.keySerialNumber, name: "keySerialNumber", parent: name, min: 20)
            try self.validate(self.keySerialNumber, name: "keySerialNumber", parent: name, pattern: "^[0-9A-F]{20}$|^[0-9A-F]{24}$")
        }

        private enum CodingKeys: String, CodingKey {
            case keySerialNumber = "KeySerialNumber"
        }
    }

    public struct ExportKeyCryptogram: AWSEncodableShape {
        /// The KeyARN of the certificate chain that signs the wrapping key certificate during RSA wrap and unwrap key export.
        public let certificateAuthorityPublicKeyIdentifier: String
        /// The wrapping key certificate in PEM format (base64 encoded). Amazon Web Services Payment Cryptography uses this certificate to wrap the key under export.
        public let wrappingKeyCertificate: String
        /// The wrapping spec for the key under export.
        public let wrappingSpec: WrappingKeySpec?

        @inlinable
        public init(certificateAuthorityPublicKeyIdentifier: String, wrappingKeyCertificate: String, wrappingSpec: WrappingKeySpec? = nil) {
            self.certificateAuthorityPublicKeyIdentifier = certificateAuthorityPublicKeyIdentifier
            self.wrappingKeyCertificate = wrappingKeyCertificate
            self.wrappingSpec = wrappingSpec
        }

        public func validate(name: String) throws {
            try self.validate(self.certificateAuthorityPublicKeyIdentifier, name: "certificateAuthorityPublicKeyIdentifier", parent: name, max: 322)
            try self.validate(self.certificateAuthorityPublicKeyIdentifier, name: "certificateAuthorityPublicKeyIdentifier", parent: name, min: 7)
            try self.validate(self.certificateAuthorityPublicKeyIdentifier, name: "certificateAuthorityPublicKeyIdentifier", parent: name, pattern: "^arn:aws:payment-cryptography:[a-z]{2}-[a-z]{1,16}-[0-9]+:[0-9]{12}:(key/[0-9a-zA-Z]{16,64}|alias/[a-zA-Z0-9/_-]+)$|^alias/[a-zA-Z0-9/_-]+$")
            try self.validate(self.wrappingKeyCertificate, name: "wrappingKeyCertificate", parent: name, max: 32768)
            try self.validate(self.wrappingKeyCertificate, name: "wrappingKeyCertificate", parent: name, min: 1)
            try self.validate(self.wrappingKeyCertificate, name: "wrappingKeyCertificate", parent: name, pattern: "^[^\\[;\\]<>]+$")
        }

        private enum CodingKeys: String, CodingKey {
            case certificateAuthorityPublicKeyIdentifier = "CertificateAuthorityPublicKeyIdentifier"
            case wrappingKeyCertificate = "WrappingKeyCertificate"
            case wrappingSpec = "WrappingSpec"
        }
    }

    public struct ExportKeyInput: AWSEncodableShape {
        /// The attributes for IPEK generation during export.
        public let exportAttributes: ExportAttributes?
        /// The KeyARN of the key under export from Amazon Web Services Payment Cryptography.
        public let exportKeyIdentifier: String
        /// The key block format type, for example, TR-34 or TR-31, to use during key material export.
        public let keyMaterial: ExportKeyMaterial

        @inlinable
        public init(exportAttributes: ExportAttributes? = nil, exportKeyIdentifier: String, keyMaterial: ExportKeyMaterial) {
            self.exportAttributes = exportAttributes
            self.exportKeyIdentifier = exportKeyIdentifier
            self.keyMaterial = keyMaterial
        }

        public func validate(name: String) throws {
            try self.exportAttributes?.validate(name: "\(name).exportAttributes")
            try self.validate(self.exportKeyIdentifier, name: "exportKeyIdentifier", parent: name, max: 322)
            try self.validate(self.exportKeyIdentifier, name: "exportKeyIdentifier", parent: name, min: 7)
            try self.validate(self.exportKeyIdentifier, name: "exportKeyIdentifier", parent: name, pattern: "^arn:aws:payment-cryptography:[a-z]{2}-[a-z]{1,16}-[0-9]+:[0-9]{12}:(key/[0-9a-zA-Z]{16,64}|alias/[a-zA-Z0-9/_-]+)$|^alias/[a-zA-Z0-9/_-]+$")
            try self.keyMaterial.validate(name: "\(name).keyMaterial")
        }

        private enum CodingKeys: String, CodingKey {
            case exportAttributes = "ExportAttributes"
            case exportKeyIdentifier = "ExportKeyIdentifier"
            case keyMaterial = "KeyMaterial"
        }
    }

    public struct ExportKeyOutput: AWSDecodableShape {
        /// The key material under export as a TR-34 WrappedKeyBlock or a TR-31 WrappedKeyBlock. or a RSA WrappedKeyCryptogram.
        public let wrappedKey: WrappedKey?

        @inlinable
        public init(wrappedKey: WrappedKey? = nil) {
            self.wrappedKey = wrappedKey
        }

        private enum CodingKeys: String, CodingKey {
            case wrappedKey = "WrappedKey"
        }
    }

    public struct ExportTr31KeyBlock: AWSEncodableShape {
        /// Optional metadata for export associated with the key material. This data is signed but transmitted in clear text.
        public let keyBlockHeaders: KeyBlockHeaders?
        /// The KeyARN of the the wrapping key. This key encrypts or wraps the key under export for TR-31 key block generation.
        public let wrappingKeyIdentifier: String

        @inlinable
        public init(keyBlockHeaders: KeyBlockHeaders? = nil, wrappingKeyIdentifier: String) {
            self.keyBlockHeaders = keyBlockHeaders
            self.wrappingKeyIdentifier = wrappingKeyIdentifier
        }

        public func validate(name: String) throws {
            try self.keyBlockHeaders?.validate(name: "\(name).keyBlockHeaders")
            try self.validate(self.wrappingKeyIdentifier, name: "wrappingKeyIdentifier", parent: name, max: 322)
            try self.validate(self.wrappingKeyIdentifier, name: "wrappingKeyIdentifier", parent: name, min: 7)
            try self.validate(self.wrappingKeyIdentifier, name: "wrappingKeyIdentifier", parent: name, pattern: "^arn:aws:payment-cryptography:[a-z]{2}-[a-z]{1,16}-[0-9]+:[0-9]{12}:(key/[0-9a-zA-Z]{16,64}|alias/[a-zA-Z0-9/_-]+)$|^alias/[a-zA-Z0-9/_-]+$")
        }

        private enum CodingKeys: String, CodingKey {
            case keyBlockHeaders = "KeyBlockHeaders"
            case wrappingKeyIdentifier = "WrappingKeyIdentifier"
        }
    }

    public struct ExportTr34KeyBlock: AWSEncodableShape {
        /// The KeyARN of the certificate chain that signs the wrapping key certificate during TR-34 key export.
        public let certificateAuthorityPublicKeyIdentifier: String
        /// The export token to initiate key export from Amazon Web Services Payment Cryptography. It also contains the signing key certificate that will sign the wrapped key during TR-34 key block generation. Call GetParametersForExport to receive an export token. It expires after 30 days. You can use the same export token to export multiple keys from the same service account.
        public let exportToken: String
        /// The format of key block that Amazon Web Services Payment Cryptography will use during key export.
        public let keyBlockFormat: Tr34KeyBlockFormat
        /// Optional metadata for export associated with the key material. This data is signed but transmitted in clear text.
        public let keyBlockHeaders: KeyBlockHeaders?
        /// A random number value that is unique to the TR-34 key block generated using 2 pass. The operation will fail, if a random nonce value is not provided for a TR-34 key block generated using 2 pass.
        public let randomNonce: String?
        /// The KeyARN of the wrapping key certificate. Amazon Web Services Payment Cryptography uses this certificate to wrap the key under export.
        public let wrappingKeyCertificate: String

        @inlinable
        public init(certificateAuthorityPublicKeyIdentifier: String, exportToken: String, keyBlockFormat: Tr34KeyBlockFormat, keyBlockHeaders: KeyBlockHeaders? = nil, randomNonce: String? = nil, wrappingKeyCertificate: String) {
            self.certificateAuthorityPublicKeyIdentifier = certificateAuthorityPublicKeyIdentifier
            self.exportToken = exportToken
            self.keyBlockFormat = keyBlockFormat
            self.keyBlockHeaders = keyBlockHeaders
            self.randomNonce = randomNonce
            self.wrappingKeyCertificate = wrappingKeyCertificate
        }

        public func validate(name: String) throws {
            try self.validate(self.certificateAuthorityPublicKeyIdentifier, name: "certificateAuthorityPublicKeyIdentifier", parent: name, max: 322)
            try self.validate(self.certificateAuthorityPublicKeyIdentifier, name: "certificateAuthorityPublicKeyIdentifier", parent: name, min: 7)
            try self.validate(self.certificateAuthorityPublicKeyIdentifier, name: "certificateAuthorityPublicKeyIdentifier", parent: name, pattern: "^arn:aws:payment-cryptography:[a-z]{2}-[a-z]{1,16}-[0-9]+:[0-9]{12}:(key/[0-9a-zA-Z]{16,64}|alias/[a-zA-Z0-9/_-]+)$|^alias/[a-zA-Z0-9/_-]+$")
            try self.validate(self.exportToken, name: "exportToken", parent: name, pattern: "^export-token-[0-9a-zA-Z]{16,64}$")
            try self.keyBlockHeaders?.validate(name: "\(name).keyBlockHeaders")
            try self.validate(self.randomNonce, name: "randomNonce", parent: name, max: 32)
            try self.validate(self.randomNonce, name: "randomNonce", parent: name, min: 16)
            try self.validate(self.randomNonce, name: "randomNonce", parent: name, pattern: "^(?:[0-9a-fA-F][0-9a-fA-F])+$")
            try self.validate(self.wrappingKeyCertificate, name: "wrappingKeyCertificate", parent: name, max: 32768)
            try self.validate(self.wrappingKeyCertificate, name: "wrappingKeyCertificate", parent: name, min: 1)
            try self.validate(self.wrappingKeyCertificate, name: "wrappingKeyCertificate", parent: name, pattern: "^[^\\[;\\]<>]+$")
        }

        private enum CodingKeys: String, CodingKey {
            case certificateAuthorityPublicKeyIdentifier = "CertificateAuthorityPublicKeyIdentifier"
            case exportToken = "ExportToken"
            case keyBlockFormat = "KeyBlockFormat"
            case keyBlockHeaders = "KeyBlockHeaders"
            case randomNonce = "RandomNonce"
            case wrappingKeyCertificate = "WrappingKeyCertificate"
        }
    }

    public struct GetAliasInput: AWSEncodableShape {
        /// The alias of the Amazon Web Services Payment Cryptography key.
        public let aliasName: String

        @inlinable
        public init(aliasName: String) {
            self.aliasName = aliasName
        }

        public func validate(name: String) throws {
            try self.validate(self.aliasName, name: "aliasName", parent: name, max: 256)
            try self.validate(self.aliasName, name: "aliasName", parent: name, min: 7)
            try self.validate(self.aliasName, name: "aliasName", parent: name, pattern: "^alias/[a-zA-Z0-9/_-]+$")
        }

        private enum CodingKeys: String, CodingKey {
            case aliasName = "AliasName"
        }
    }

    public struct GetAliasOutput: AWSDecodableShape {
        /// The alias of the Amazon Web Services Payment Cryptography key.
        public let alias: Alias

        @inlinable
        public init(alias: Alias) {
            self.alias = alias
        }

        private enum CodingKeys: String, CodingKey {
            case alias = "Alias"
        }
    }

    public struct GetKeyInput: AWSEncodableShape {
        /// The KeyARN of the Amazon Web Services Payment Cryptography key.
        public let keyIdentifier: String

        @inlinable
        public init(keyIdentifier: String) {
            self.keyIdentifier = keyIdentifier
        }

        public func validate(name: String) throws {
            try self.validate(self.keyIdentifier, name: "keyIdentifier", parent: name, max: 322)
            try self.validate(self.keyIdentifier, name: "keyIdentifier", parent: name, min: 7)
            try self.validate(self.keyIdentifier, name: "keyIdentifier", parent: name, pattern: "^arn:aws:payment-cryptography:[a-z]{2}-[a-z]{1,16}-[0-9]+:[0-9]{12}:(key/[0-9a-zA-Z]{16,64}|alias/[a-zA-Z0-9/_-]+)$|^alias/[a-zA-Z0-9/_-]+$")
        }

        private enum CodingKeys: String, CodingKey {
            case keyIdentifier = "KeyIdentifier"
        }
    }

    public struct GetKeyOutput: AWSDecodableShape {
        /// The key material, including the immutable and mutable data for the key.
        public let key: Key

        @inlinable
        public init(key: Key) {
            self.key = key
        }

        private enum CodingKeys: String, CodingKey {
            case key = "Key"
        }
    }

    public struct GetParametersForExportInput: AWSEncodableShape {
        /// The key block format type (for example, TR-34 or TR-31) to use during key material export. Export token is only required for a TR-34 key export, TR34_KEY_BLOCK. Export token is not required for TR-31 key export.
        public let keyMaterialType: KeyMaterialType
        /// The signing key algorithm to generate a signing key certificate. This certificate signs the wrapped key under export within the TR-34 key block. RSA_2048 is the only signing key algorithm allowed.
        public let signingKeyAlgorithm: KeyAlgorithm

        @inlinable
        public init(keyMaterialType: KeyMaterialType, signingKeyAlgorithm: KeyAlgorithm) {
            self.keyMaterialType = keyMaterialType
            self.signingKeyAlgorithm = signingKeyAlgorithm
        }

        private enum CodingKeys: String, CodingKey {
            case keyMaterialType = "KeyMaterialType"
            case signingKeyAlgorithm = "SigningKeyAlgorithm"
        }
    }

    public struct GetParametersForExportOutput: AWSDecodableShape {
        /// The export token to initiate key export from Amazon Web Services Payment Cryptography. The export token expires after 30 days. You can use the same export token to export multiple keys from the same service account.
        public let exportToken: String
        /// The validity period of the export token.
        public let parametersValidUntilTimestamp: Date
        /// The algorithm of the signing key certificate for use in TR-34 key block generation. RSA_2048 is the only signing key algorithm allowed.
        public let signingKeyAlgorithm: KeyAlgorithm
        /// The signing key certificate in PEM format (base64 encoded) of the public key for signature within the TR-34 key block. The certificate expires after 30 days.
        public let signingKeyCertificate: String
        /// The root certificate authority (CA) that signed the signing key certificate in PEM format (base64 encoded).
        public let signingKeyCertificateChain: String

        @inlinable
        public init(exportToken: String, parametersValidUntilTimestamp: Date, signingKeyAlgorithm: KeyAlgorithm, signingKeyCertificate: String, signingKeyCertificateChain: String) {
            self.exportToken = exportToken
            self.parametersValidUntilTimestamp = parametersValidUntilTimestamp
            self.signingKeyAlgorithm = signingKeyAlgorithm
            self.signingKeyCertificate = signingKeyCertificate
            self.signingKeyCertificateChain = signingKeyCertificateChain
        }

        private enum CodingKeys: String, CodingKey {
            case exportToken = "ExportToken"
            case parametersValidUntilTimestamp = "ParametersValidUntilTimestamp"
            case signingKeyAlgorithm = "SigningKeyAlgorithm"
            case signingKeyCertificate = "SigningKeyCertificate"
            case signingKeyCertificateChain = "SigningKeyCertificateChain"
        }
    }

    public struct GetParametersForImportInput: AWSEncodableShape {
        /// The method to use for key material import. Import token is only required for TR-34 WrappedKeyBlock (TR34_KEY_BLOCK) and RSA WrappedKeyCryptogram (KEY_CRYPTOGRAM). Import token is not required for TR-31, root public key cerificate or trusted public key certificate.
        public let keyMaterialType: KeyMaterialType
        /// The wrapping key algorithm to generate a wrapping key certificate. This certificate wraps the key under import. At this time, RSA_2048 is the allowed algorithm for TR-34 WrappedKeyBlock import. Additionally, RSA_2048, RSA_3072, RSA_4096 are the allowed algorithms for RSA WrappedKeyCryptogram import.
        public let wrappingKeyAlgorithm: KeyAlgorithm

        @inlinable
        public init(keyMaterialType: KeyMaterialType, wrappingKeyAlgorithm: KeyAlgorithm) {
            self.keyMaterialType = keyMaterialType
            self.wrappingKeyAlgorithm = wrappingKeyAlgorithm
        }

        private enum CodingKeys: String, CodingKey {
            case keyMaterialType = "KeyMaterialType"
            case wrappingKeyAlgorithm = "WrappingKeyAlgorithm"
        }
    }

    public struct GetParametersForImportOutput: AWSDecodableShape {
        /// The import token to initiate key import into Amazon Web Services Payment Cryptography. The import token expires after 30 days. You can use the same import token to import multiple keys to the same service account.
        public let importToken: String
        /// The validity period of the import token.
        public let parametersValidUntilTimestamp: Date
        /// The algorithm of the wrapping key for use within TR-34 WrappedKeyBlock or RSA WrappedKeyCryptogram.
        public let wrappingKeyAlgorithm: KeyAlgorithm
        /// The wrapping key certificate in PEM format (base64 encoded) of the wrapping key for use within the TR-34 key block. The certificate expires in 30 days.
        public let wrappingKeyCertificate: String
        /// The Amazon Web Services Payment Cryptography root certificate authority (CA) that signed the wrapping key certificate in PEM format (base64 encoded).
        public let wrappingKeyCertificateChain: String

        @inlinable
        public init(importToken: String, parametersValidUntilTimestamp: Date, wrappingKeyAlgorithm: KeyAlgorithm, wrappingKeyCertificate: String, wrappingKeyCertificateChain: String) {
            self.importToken = importToken
            self.parametersValidUntilTimestamp = parametersValidUntilTimestamp
            self.wrappingKeyAlgorithm = wrappingKeyAlgorithm
            self.wrappingKeyCertificate = wrappingKeyCertificate
            self.wrappingKeyCertificateChain = wrappingKeyCertificateChain
        }

        private enum CodingKeys: String, CodingKey {
            case importToken = "ImportToken"
            case parametersValidUntilTimestamp = "ParametersValidUntilTimestamp"
            case wrappingKeyAlgorithm = "WrappingKeyAlgorithm"
            case wrappingKeyCertificate = "WrappingKeyCertificate"
            case wrappingKeyCertificateChain = "WrappingKeyCertificateChain"
        }
    }

    public struct GetPublicKeyCertificateInput: AWSEncodableShape {
        /// The KeyARN of the asymmetric key pair.
        public let keyIdentifier: String

        @inlinable
        public init(keyIdentifier: String) {
            self.keyIdentifier = keyIdentifier
        }

        public func validate(name: String) throws {
            try self.validate(self.keyIdentifier, name: "keyIdentifier", parent: name, max: 322)
            try self.validate(self.keyIdentifier, name: "keyIdentifier", parent: name, min: 7)
            try self.validate(self.keyIdentifier, name: "keyIdentifier", parent: name, pattern: "^arn:aws:payment-cryptography:[a-z]{2}-[a-z]{1,16}-[0-9]+:[0-9]{12}:(key/[0-9a-zA-Z]{16,64}|alias/[a-zA-Z0-9/_-]+)$|^alias/[a-zA-Z0-9/_-]+$")
        }

        private enum CodingKeys: String, CodingKey {
            case keyIdentifier = "KeyIdentifier"
        }
    }

    public struct GetPublicKeyCertificateOutput: AWSDecodableShape {
        /// The public key component of the asymmetric key pair in a certificate PEM format (base64 encoded). It is signed by the root certificate authority (CA). The certificate expires in 90 days.
        public let keyCertificate: String
        /// The root certificate authority (CA) that signed the public key certificate in PEM format (base64 encoded) of the asymmetric key pair.
        public let keyCertificateChain: String

        @inlinable
        public init(keyCertificate: String, keyCertificateChain: String) {
            self.keyCertificate = keyCertificate
            self.keyCertificateChain = keyCertificateChain
        }

        private enum CodingKeys: String, CodingKey {
            case keyCertificate = "KeyCertificate"
            case keyCertificateChain = "KeyCertificateChain"
        }
    }

    public struct ImportDiffieHellmanTr31KeyBlock: AWSEncodableShape {
        /// The keyARN of the CA that signed the PublicKeyCertificate for the client's receiving ECC key pair.
        public let certificateAuthorityPublicKeyIdentifier: String
        /// The shared information used when deriving a key using ECDH.
        public let derivationData: DiffieHellmanDerivationData
        /// The key algorithm of the shared derived ECDH key.
        public let deriveKeyAlgorithm: SymmetricKeyAlgorithm
        /// The key derivation function to use when deriving a key using ECDH.
        public let keyDerivationFunction: KeyDerivationFunction
        /// The hash type to use when deriving a key using ECDH.
        public let keyDerivationHashAlgorithm: KeyDerivationHashAlgorithm
        /// The keyARN of the asymmetric ECC key created within Amazon Web Services Payment Cryptography.
        public let privateKeyIdentifier: String
        /// The public key certificate of the client's receiving ECC key pair, in PEM format (base64 encoded), to use for ECDH key derivation.
        public let publicKeyCertificate: String
        /// The ECDH wrapped key block to import.
        public let wrappedKeyBlock: String

        @inlinable
        public init(certificateAuthorityPublicKeyIdentifier: String, derivationData: DiffieHellmanDerivationData, deriveKeyAlgorithm: SymmetricKeyAlgorithm, keyDerivationFunction: KeyDerivationFunction, keyDerivationHashAlgorithm: KeyDerivationHashAlgorithm, privateKeyIdentifier: String, publicKeyCertificate: String, wrappedKeyBlock: String) {
            self.certificateAuthorityPublicKeyIdentifier = certificateAuthorityPublicKeyIdentifier
            self.derivationData = derivationData
            self.deriveKeyAlgorithm = deriveKeyAlgorithm
            self.keyDerivationFunction = keyDerivationFunction
            self.keyDerivationHashAlgorithm = keyDerivationHashAlgorithm
            self.privateKeyIdentifier = privateKeyIdentifier
            self.publicKeyCertificate = publicKeyCertificate
            self.wrappedKeyBlock = wrappedKeyBlock
        }

        public func validate(name: String) throws {
            try self.validate(self.certificateAuthorityPublicKeyIdentifier, name: "certificateAuthorityPublicKeyIdentifier", parent: name, max: 322)
            try self.validate(self.certificateAuthorityPublicKeyIdentifier, name: "certificateAuthorityPublicKeyIdentifier", parent: name, min: 7)
            try self.validate(self.certificateAuthorityPublicKeyIdentifier, name: "certificateAuthorityPublicKeyIdentifier", parent: name, pattern: "^arn:aws:payment-cryptography:[a-z]{2}-[a-z]{1,16}-[0-9]+:[0-9]{12}:(key/[0-9a-zA-Z]{16,64}|alias/[a-zA-Z0-9/_-]+)$|^alias/[a-zA-Z0-9/_-]+$")
            try self.derivationData.validate(name: "\(name).derivationData")
            try self.validate(self.privateKeyIdentifier, name: "privateKeyIdentifier", parent: name, max: 322)
            try self.validate(self.privateKeyIdentifier, name: "privateKeyIdentifier", parent: name, min: 7)
            try self.validate(self.privateKeyIdentifier, name: "privateKeyIdentifier", parent: name, pattern: "^arn:aws:payment-cryptography:[a-z]{2}-[a-z]{1,16}-[0-9]+:[0-9]{12}:(key/[0-9a-zA-Z]{16,64}|alias/[a-zA-Z0-9/_-]+)$|^alias/[a-zA-Z0-9/_-]+$")
            try self.validate(self.publicKeyCertificate, name: "publicKeyCertificate", parent: name, max: 32768)
            try self.validate(self.publicKeyCertificate, name: "publicKeyCertificate", parent: name, min: 1)
            try self.validate(self.publicKeyCertificate, name: "publicKeyCertificate", parent: name, pattern: "^[^\\[;\\]<>]+$")
            try self.validate(self.wrappedKeyBlock, name: "wrappedKeyBlock", parent: name, max: 9984)
            try self.validate(self.wrappedKeyBlock, name: "wrappedKeyBlock", parent: name, min: 56)
            try self.validate(self.wrappedKeyBlock, name: "wrappedKeyBlock", parent: name, pattern: "^[0-9A-Z]+$")
        }

        private enum CodingKeys: String, CodingKey {
            case certificateAuthorityPublicKeyIdentifier = "CertificateAuthorityPublicKeyIdentifier"
            case derivationData = "DerivationData"
            case deriveKeyAlgorithm = "DeriveKeyAlgorithm"
            case keyDerivationFunction = "KeyDerivationFunction"
            case keyDerivationHashAlgorithm = "KeyDerivationHashAlgorithm"
            case privateKeyIdentifier = "PrivateKeyIdentifier"
            case publicKeyCertificate = "PublicKeyCertificate"
            case wrappedKeyBlock = "WrappedKeyBlock"
        }
    }

    public struct ImportKeyCryptogram: AWSEncodableShape {
        /// Specifies whether the key is exportable from the service.
        public let exportable: Bool
        /// The import token that initiates key import using the asymmetric RSA wrap and unwrap key exchange method into AWS Payment Cryptography. It expires after 30 days. You can use the same import token to import multiple keys to the same service account.
        public let importToken: String
        public let keyAttributes: KeyAttributes
        /// The RSA wrapped key cryptogram under import.
        public let wrappedKeyCryptogram: String
        /// The wrapping spec for the wrapped key cryptogram.
        public let wrappingSpec: WrappingKeySpec?

        @inlinable
        public init(exportable: Bool, importToken: String, keyAttributes: KeyAttributes, wrappedKeyCryptogram: String, wrappingSpec: WrappingKeySpec? = nil) {
            self.exportable = exportable
            self.importToken = importToken
            self.keyAttributes = keyAttributes
            self.wrappedKeyCryptogram = wrappedKeyCryptogram
            self.wrappingSpec = wrappingSpec
        }

        public func validate(name: String) throws {
            try self.validate(self.importToken, name: "importToken", parent: name, pattern: "^import-token-[0-9a-zA-Z]{16,64}$")
            try self.validate(self.wrappedKeyCryptogram, name: "wrappedKeyCryptogram", parent: name, max: 4096)
            try self.validate(self.wrappedKeyCryptogram, name: "wrappedKeyCryptogram", parent: name, min: 16)
            try self.validate(self.wrappedKeyCryptogram, name: "wrappedKeyCryptogram", parent: name, pattern: "^[0-9A-F]+$")
        }

        private enum CodingKeys: String, CodingKey {
            case exportable = "Exportable"
            case importToken = "ImportToken"
            case keyAttributes = "KeyAttributes"
            case wrappedKeyCryptogram = "WrappedKeyCryptogram"
            case wrappingSpec = "WrappingSpec"
        }
    }

    public struct ImportKeyInput: AWSEncodableShape {
        /// Specifies whether import key is enabled.
        public let enabled: Bool?
        /// The algorithm that Amazon Web Services Payment Cryptography uses to calculate the key check value (KCV). It is used to validate the key integrity. For TDES keys, the KCV is computed by encrypting 8 bytes, each with value of zero, with the key to be checked and retaining the 3 highest order bytes of the encrypted result. For AES keys, the KCV is computed using a CMAC algorithm where the input data is 16 bytes of zero and retaining the 3 highest order bytes of the encrypted result.
        public let keyCheckValueAlgorithm: KeyCheckValueAlgorithm?
        /// The key or public key certificate type to use during key material import, for example TR-34 or RootCertificatePublicKey.
        public let keyMaterial: ImportKeyMaterial
        /// Assigns one or more tags to the Amazon Web Services Payment Cryptography key. Use this parameter to tag a key when it is imported. To tag an existing Amazon Web Services Payment Cryptography key, use the TagResource operation. Each tag consists of a tag key and a tag value. Both the tag key and the tag value are required, but the tag value can be an empty (null) string. You can't have more than one tag on an Amazon Web Services Payment Cryptography key with the same tag key. If you specify an existing tag key with a different tag value, Amazon Web Services Payment Cryptography replaces the current tag value with the specified one.  Don't include personal, confidential or sensitive information in this field. This field may be displayed in plaintext in CloudTrail logs and other output.   Tagging or untagging an Amazon Web Services Payment Cryptography key can allow or deny permission to the key.
        public let tags: [Tag]?

        @inlinable
        public init(enabled: Bool? = nil, keyCheckValueAlgorithm: KeyCheckValueAlgorithm? = nil, keyMaterial: ImportKeyMaterial, tags: [Tag]? = nil) {
            self.enabled = enabled
            self.keyCheckValueAlgorithm = keyCheckValueAlgorithm
            self.keyMaterial = keyMaterial
            self.tags = tags
        }

        public func validate(name: String) throws {
            try self.keyMaterial.validate(name: "\(name).keyMaterial")
            try self.tags?.forEach {
                try $0.validate(name: "\(name).tags[]")
            }
            try self.validate(self.tags, name: "tags", parent: name, max: 200)
        }

        private enum CodingKeys: String, CodingKey {
            case enabled = "Enabled"
            case keyCheckValueAlgorithm = "KeyCheckValueAlgorithm"
            case keyMaterial = "KeyMaterial"
            case tags = "Tags"
        }
    }

    public struct ImportKeyOutput: AWSDecodableShape {
        /// The KeyARN of the key material imported within Amazon Web Services Payment Cryptography.
        public let key: Key

        @inlinable
        public init(key: Key) {
            self.key = key
        }

        private enum CodingKeys: String, CodingKey {
            case key = "Key"
        }
    }

    public struct ImportTr31KeyBlock: AWSEncodableShape {
        /// The TR-31 wrapped key block to import.
        public let wrappedKeyBlock: String
        /// The KeyARN of the key that will decrypt or unwrap a TR-31 key block during import.
        public let wrappingKeyIdentifier: String

        @inlinable
        public init(wrappedKeyBlock: String, wrappingKeyIdentifier: String) {
            self.wrappedKeyBlock = wrappedKeyBlock
            self.wrappingKeyIdentifier = wrappingKeyIdentifier
        }

        public func validate(name: String) throws {
            try self.validate(self.wrappedKeyBlock, name: "wrappedKeyBlock", parent: name, max: 9984)
            try self.validate(self.wrappedKeyBlock, name: "wrappedKeyBlock", parent: name, min: 56)
            try self.validate(self.wrappedKeyBlock, name: "wrappedKeyBlock", parent: name, pattern: "^[0-9A-Z]+$")
            try self.validate(self.wrappingKeyIdentifier, name: "wrappingKeyIdentifier", parent: name, max: 322)
            try self.validate(self.wrappingKeyIdentifier, name: "wrappingKeyIdentifier", parent: name, min: 7)
            try self.validate(self.wrappingKeyIdentifier, name: "wrappingKeyIdentifier", parent: name, pattern: "^arn:aws:payment-cryptography:[a-z]{2}-[a-z]{1,16}-[0-9]+:[0-9]{12}:(key/[0-9a-zA-Z]{16,64}|alias/[a-zA-Z0-9/_-]+)$|^alias/[a-zA-Z0-9/_-]+$")
        }

        private enum CodingKeys: String, CodingKey {
            case wrappedKeyBlock = "WrappedKeyBlock"
            case wrappingKeyIdentifier = "WrappingKeyIdentifier"
        }
    }

    public struct ImportTr34KeyBlock: AWSEncodableShape {
        /// The KeyARN of the certificate chain that signs the signing key certificate during TR-34 key import.
        public let certificateAuthorityPublicKeyIdentifier: String
        /// The import token that initiates key import using the asymmetric TR-34 key exchange method into Amazon Web Services Payment Cryptography. It expires after 30 days. You can use the same import token to import multiple keys to the same service account.
        public let importToken: String
        /// The key block format to use during key import. The only value allowed is X9_TR34_2012.
        public let keyBlockFormat: Tr34KeyBlockFormat
        /// A random number value that is unique to the TR-34 key block generated using 2 pass. The operation will fail, if a random nonce value is not provided for a TR-34 key block generated using 2 pass.
        public let randomNonce: String?
        /// The public key component in PEM certificate format of the private key that signs the KDH TR-34 WrappedKeyBlock.
        public let signingKeyCertificate: String
        /// The TR-34 wrapped key block to import.
        public let wrappedKeyBlock: String

        @inlinable
        public init(certificateAuthorityPublicKeyIdentifier: String, importToken: String, keyBlockFormat: Tr34KeyBlockFormat, randomNonce: String? = nil, signingKeyCertificate: String, wrappedKeyBlock: String) {
            self.certificateAuthorityPublicKeyIdentifier = certificateAuthorityPublicKeyIdentifier
            self.importToken = importToken
            self.keyBlockFormat = keyBlockFormat
            self.randomNonce = randomNonce
            self.signingKeyCertificate = signingKeyCertificate
            self.wrappedKeyBlock = wrappedKeyBlock
        }

        public func validate(name: String) throws {
            try self.validate(self.certificateAuthorityPublicKeyIdentifier, name: "certificateAuthorityPublicKeyIdentifier", parent: name, max: 322)
            try self.validate(self.certificateAuthorityPublicKeyIdentifier, name: "certificateAuthorityPublicKeyIdentifier", parent: name, min: 7)
            try self.validate(self.certificateAuthorityPublicKeyIdentifier, name: "certificateAuthorityPublicKeyIdentifier", parent: name, pattern: "^arn:aws:payment-cryptography:[a-z]{2}-[a-z]{1,16}-[0-9]+:[0-9]{12}:(key/[0-9a-zA-Z]{16,64}|alias/[a-zA-Z0-9/_-]+)$|^alias/[a-zA-Z0-9/_-]+$")
            try self.validate(self.importToken, name: "importToken", parent: name, pattern: "^import-token-[0-9a-zA-Z]{16,64}$")
            try self.validate(self.randomNonce, name: "randomNonce", parent: name, max: 32)
            try self.validate(self.randomNonce, name: "randomNonce", parent: name, min: 16)
            try self.validate(self.randomNonce, name: "randomNonce", parent: name, pattern: "^(?:[0-9a-fA-F][0-9a-fA-F])+$")
            try self.validate(self.signingKeyCertificate, name: "signingKeyCertificate", parent: name, max: 32768)
            try self.validate(self.signingKeyCertificate, name: "signingKeyCertificate", parent: name, min: 1)
            try self.validate(self.signingKeyCertificate, name: "signingKeyCertificate", parent: name, pattern: "^[^\\[;\\]<>]+$")
            try self.validate(self.wrappedKeyBlock, name: "wrappedKeyBlock", parent: name, max: 4096)
            try self.validate(self.wrappedKeyBlock, name: "wrappedKeyBlock", parent: name, min: 2)
            try self.validate(self.wrappedKeyBlock, name: "wrappedKeyBlock", parent: name, pattern: "^[0-9A-F]+$")
        }

        private enum CodingKeys: String, CodingKey {
            case certificateAuthorityPublicKeyIdentifier = "CertificateAuthorityPublicKeyIdentifier"
            case importToken = "ImportToken"
            case keyBlockFormat = "KeyBlockFormat"
            case randomNonce = "RandomNonce"
            case signingKeyCertificate = "SigningKeyCertificate"
            case wrappedKeyBlock = "WrappedKeyBlock"
        }
    }

    public struct Key: AWSDecodableShape {
        /// The date and time when the key was created.
        public let createTimestamp: Date
        /// The date and time after which Amazon Web Services Payment Cryptography will delete the key. This value is present only when KeyState is DELETE_PENDING and the key is scheduled for deletion.
        public let deletePendingTimestamp: Date?
        /// The date and time after which Amazon Web Services Payment Cryptography will delete the key. This value is present only when when the KeyState is DELETE_COMPLETE and the Amazon Web Services Payment Cryptography key is deleted.
        public let deleteTimestamp: Date?
        /// The cryptographic usage of an ECDH derived key as deﬁned in section A.5.2 of the TR-31 spec.
        public let deriveKeyUsage: DeriveKeyUsage?
        /// Specifies whether the key is enabled.
        public let enabled: Bool
        /// Specifies whether the key is exportable. This data is immutable after the key is created.
        public let exportable: Bool
        /// The Amazon Resource Name (ARN) of the key.
        public let keyArn: String
        /// The role of the key, the algorithm it supports, and the cryptographic operations allowed with the key. This data is immutable after the key is created.
        public let keyAttributes: KeyAttributes
        /// The key check value (KCV) is used to check if all parties holding a given key have the same key or to detect that a key has changed.
        public let keyCheckValue: String
        /// The algorithm that Amazon Web Services Payment Cryptography uses to calculate the key check value (KCV). It is used to validate the key integrity. For TDES keys, the KCV is computed by encrypting 8 bytes, each with value of zero, with the key to be checked and retaining the 3 highest order bytes of the encrypted result. For AES keys, the KCV is computed using a CMAC algorithm where the input data is 16 bytes of zero and retaining the 3 highest order bytes of the encrypted result.
        public let keyCheckValueAlgorithm: KeyCheckValueAlgorithm
        /// The source of the key material. For keys created within Amazon Web Services Payment Cryptography, the value is AWS_PAYMENT_CRYPTOGRAPHY. For keys imported into Amazon Web Services Payment Cryptography, the value is EXTERNAL.
        public let keyOrigin: KeyOrigin
        /// The state of key that is being created or deleted.
        public let keyState: KeyState
        /// The date and time after which Amazon Web Services Payment Cryptography will start using the key material for cryptographic operations.
        public let usageStartTimestamp: Date?
        /// The date and time after which Amazon Web Services Payment Cryptography will stop using the key material for cryptographic operations.
        public let usageStopTimestamp: Date?

        @inlinable
        public init(createTimestamp: Date, deletePendingTimestamp: Date? = nil, deleteTimestamp: Date? = nil, deriveKeyUsage: DeriveKeyUsage? = nil, enabled: Bool, exportable: Bool, keyArn: String, keyAttributes: KeyAttributes, keyCheckValue: String, keyCheckValueAlgorithm: KeyCheckValueAlgorithm, keyOrigin: KeyOrigin, keyState: KeyState, usageStartTimestamp: Date? = nil, usageStopTimestamp: Date? = nil) {
            self.createTimestamp = createTimestamp
            self.deletePendingTimestamp = deletePendingTimestamp
            self.deleteTimestamp = deleteTimestamp
            self.deriveKeyUsage = deriveKeyUsage
            self.enabled = enabled
            self.exportable = exportable
            self.keyArn = keyArn
            self.keyAttributes = keyAttributes
            self.keyCheckValue = keyCheckValue
            self.keyCheckValueAlgorithm = keyCheckValueAlgorithm
            self.keyOrigin = keyOrigin
            self.keyState = keyState
            self.usageStartTimestamp = usageStartTimestamp
            self.usageStopTimestamp = usageStopTimestamp
        }

        private enum CodingKeys: String, CodingKey {
            case createTimestamp = "CreateTimestamp"
            case deletePendingTimestamp = "DeletePendingTimestamp"
            case deleteTimestamp = "DeleteTimestamp"
            case deriveKeyUsage = "DeriveKeyUsage"
            case enabled = "Enabled"
            case exportable = "Exportable"
            case keyArn = "KeyArn"
            case keyAttributes = "KeyAttributes"
            case keyCheckValue = "KeyCheckValue"
            case keyCheckValueAlgorithm = "KeyCheckValueAlgorithm"
            case keyOrigin = "KeyOrigin"
            case keyState = "KeyState"
            case usageStartTimestamp = "UsageStartTimestamp"
            case usageStopTimestamp = "UsageStopTimestamp"
        }
    }

    public struct KeyAttributes: AWSEncodableShape & AWSDecodableShape {
        /// The key algorithm to be use during creation of an Amazon Web Services Payment Cryptography key. For symmetric keys, Amazon Web Services Payment Cryptography supports AES and TDES algorithms. For asymmetric keys, Amazon Web Services Payment Cryptography supports RSA and ECC_NIST algorithms.
        public let keyAlgorithm: KeyAlgorithm
        /// The type of Amazon Web Services Payment Cryptography key to create, which determines the classiﬁcation of the cryptographic method and whether Amazon Web Services Payment Cryptography key contains a symmetric key or an asymmetric key pair.
        public let keyClass: KeyClass
        /// The list of cryptographic operations that you can perform using the key.
        public let keyModesOfUse: KeyModesOfUse
        /// The cryptographic usage of an Amazon Web Services Payment Cryptography key as deﬁned in section A.5.2 of the TR-31 spec.
        public let keyUsage: KeyUsage

        @inlinable
        public init(keyAlgorithm: KeyAlgorithm, keyClass: KeyClass, keyModesOfUse: KeyModesOfUse, keyUsage: KeyUsage) {
            self.keyAlgorithm = keyAlgorithm
            self.keyClass = keyClass
            self.keyModesOfUse = keyModesOfUse
            self.keyUsage = keyUsage
        }

        private enum CodingKeys: String, CodingKey {
            case keyAlgorithm = "KeyAlgorithm"
            case keyClass = "KeyClass"
            case keyModesOfUse = "KeyModesOfUse"
            case keyUsage = "KeyUsage"
        }
    }

    public struct KeyBlockHeaders: AWSEncodableShape {
        /// Specifies subsequent exportability of the key within the key block after it is received by the receiving party. It can be used to further restrict exportability of the key after export from Amazon Web Services Payment Cryptography. When set to EXPORTABLE, the key can be subsequently exported by the receiver under a KEK using TR-31 or TR-34 key block export only. When set to NON_EXPORTABLE, the key cannot be subsequently exported by the receiver. When set to SENSITIVE, the key can be exported by the receiver under a KEK using TR-31, TR-34, RSA wrap and unwrap cryptogram or using a symmetric cryptogram key export method. For further information refer to ANSI X9.143-2022.
        public let keyExportability: KeyExportability?
        public let keyModesOfUse: KeyModesOfUse?
        /// Parameter used to indicate the version of the key carried in the key block or indicate the value carried in the key block is a component of a key.
        public let keyVersion: String?
        /// Parameter used to indicate the type of optional data in key block headers. Refer to ANSI X9.143-2022 for information on allowed data type for optional blocks. Optional block character limit is 112 characters. For each optional block, 2 characters are reserved for optional block ID and 2 characters reserved for optional block length. More than one optional blocks can be included as long as the combined length does not increase 112 characters.
        public let optionalBlocks: [String: String]?

        @inlinable
        public init(keyExportability: KeyExportability? = nil, keyModesOfUse: KeyModesOfUse? = nil, keyVersion: String? = nil, optionalBlocks: [String: String]? = nil) {
            self.keyExportability = keyExportability
            self.keyModesOfUse = keyModesOfUse
            self.keyVersion = keyVersion
            self.optionalBlocks = optionalBlocks
        }

        public func validate(name: String) throws {
            try self.validate(self.keyVersion, name: "keyVersion", parent: name, max: 2)
            try self.validate(self.keyVersion, name: "keyVersion", parent: name, min: 2)
            try self.validate(self.keyVersion, name: "keyVersion", parent: name, pattern: "^[0-9A-Z]{2}+$")
            try self.optionalBlocks?.forEach {
                try validate($0.key, name: "optionalBlocks.key", parent: name, max: 2)
                try validate($0.key, name: "optionalBlocks.key", parent: name, min: 2)
                try validate($0.key, name: "optionalBlocks.key", parent: name, pattern: "^[0-9A-Z]{2}+$")
                try validate($0.value, name: "optionalBlocks[\"\($0.key)\"]", parent: name, max: 108)
                try validate($0.value, name: "optionalBlocks[\"\($0.key)\"]", parent: name, min: 1)
                try validate($0.value, name: "optionalBlocks[\"\($0.key)\"]", parent: name, pattern: "^[0-9A-Z]+$")
            }
        }

        private enum CodingKeys: String, CodingKey {
            case keyExportability = "KeyExportability"
            case keyModesOfUse = "KeyModesOfUse"
            case keyVersion = "KeyVersion"
            case optionalBlocks = "OptionalBlocks"
        }
    }

    public struct KeyModesOfUse: AWSEncodableShape & AWSDecodableShape {
        /// Speciﬁes whether an Amazon Web Services Payment Cryptography key can be used to decrypt data.
        public let decrypt: Bool?
        /// Speciﬁes whether an Amazon Web Services Payment Cryptography key can be used to derive new keys.
        public let deriveKey: Bool?
        /// Speciﬁes whether an Amazon Web Services Payment Cryptography key can be used to encrypt data.
        public let encrypt: Bool?
        /// Speciﬁes whether an Amazon Web Services Payment Cryptography key can be used to generate and verify other card and PIN verification keys.
        public let generate: Bool?
        /// Speciﬁes whether an Amazon Web Services Payment Cryptography key has no special restrictions other than the restrictions implied by KeyUsage.
        public let noRestrictions: Bool?
        /// Speciﬁes whether an Amazon Web Services Payment Cryptography key can be used for signing.
        public let sign: Bool?
        /// Speciﬁes whether an Amazon Web Services Payment Cryptography key can be used to unwrap other keys.
        public let unwrap: Bool?
        /// Speciﬁes whether an Amazon Web Services Payment Cryptography key can be used to verify signatures.
        public let verify: Bool?
        /// Speciﬁes whether an Amazon Web Services Payment Cryptography key can be used to wrap other keys.
        public let wrap: Bool?

        @inlinable
        public init(decrypt: Bool? = nil, deriveKey: Bool? = nil, encrypt: Bool? = nil, generate: Bool? = nil, noRestrictions: Bool? = nil, sign: Bool? = nil, unwrap: Bool? = nil, verify: Bool? = nil, wrap: Bool? = nil) {
            self.decrypt = decrypt
            self.deriveKey = deriveKey
            self.encrypt = encrypt
            self.generate = generate
            self.noRestrictions = noRestrictions
            self.sign = sign
            self.unwrap = unwrap
            self.verify = verify
            self.wrap = wrap
        }

        private enum CodingKeys: String, CodingKey {
            case decrypt = "Decrypt"
            case deriveKey = "DeriveKey"
            case encrypt = "Encrypt"
            case generate = "Generate"
            case noRestrictions = "NoRestrictions"
            case sign = "Sign"
            case unwrap = "Unwrap"
            case verify = "Verify"
            case wrap = "Wrap"
        }
    }

    public struct KeySummary: AWSDecodableShape {
        /// Specifies whether the key is enabled.
        public let enabled: Bool
        /// Specifies whether the key is exportable. This data is immutable after the key is created.
        public let exportable: Bool
        /// The Amazon Resource Name (ARN) of the key.
        public let keyArn: String
        /// The role of the key, the algorithm it supports, and the cryptographic operations allowed with the key. This data is immutable after the key is created.
        public let keyAttributes: KeyAttributes
        /// The key check value (KCV) is used to check if all parties holding a given key have the same key or to detect that a key has changed.
        public let keyCheckValue: String
        /// The state of an Amazon Web Services Payment Cryptography that is being created or deleted.
        public let keyState: KeyState

        @inlinable
        public init(enabled: Bool, exportable: Bool, keyArn: String, keyAttributes: KeyAttributes, keyCheckValue: String, keyState: KeyState) {
            self.enabled = enabled
            self.exportable = exportable
            self.keyArn = keyArn
            self.keyAttributes = keyAttributes
            self.keyCheckValue = keyCheckValue
            self.keyState = keyState
        }

        private enum CodingKeys: String, CodingKey {
            case enabled = "Enabled"
            case exportable = "Exportable"
            case keyArn = "KeyArn"
            case keyAttributes = "KeyAttributes"
            case keyCheckValue = "KeyCheckValue"
            case keyState = "KeyState"
        }
    }

    public struct ListAliasesInput: AWSEncodableShape {
        /// The keyARN for which you want to list all aliases.
        public let keyArn: String?
        /// Use this parameter to specify the maximum number of items to return. When this value is present, Amazon Web Services Payment Cryptography does not return more than the specified number of items, but it might return fewer. This value is optional. If you include a value, it must be between 1 and 100, inclusive. If you do not include a value, it defaults to 50.
        public let maxResults: Int?
        /// Use this parameter in a subsequent request after you receive a response with truncated results. Set it to the value of NextToken from the truncated response you just received.
        public let nextToken: String?

        @inlinable
        public init(keyArn: String? = nil, maxResults: Int? = nil, nextToken: String? = nil) {
            self.keyArn = keyArn
            self.maxResults = maxResults
            self.nextToken = nextToken
        }

        public func validate(name: String) throws {
            try self.validate(self.keyArn, name: "keyArn", parent: name, max: 150)
            try self.validate(self.keyArn, name: "keyArn", parent: name, min: 70)
            try self.validate(self.keyArn, name: "keyArn", parent: name, pattern: "^arn:aws:payment-cryptography:[a-z]{2}-[a-z]{1,16}-[0-9]+:[0-9]{12}:key/[0-9a-zA-Z]{16,64}$")
            try self.validate(self.maxResults, name: "maxResults", parent: name, max: 100)
            try self.validate(self.maxResults, name: "maxResults", parent: name, min: 1)
            try self.validate(self.nextToken, name: "nextToken", parent: name, max: 8192)
            try self.validate(self.nextToken, name: "nextToken", parent: name, min: 1)
        }

        private enum CodingKeys: String, CodingKey {
            case keyArn = "KeyArn"
            case maxResults = "MaxResults"
            case nextToken = "NextToken"
        }
    }

    public struct ListAliasesOutput: AWSDecodableShape {
        /// The list of aliases. Each alias describes the KeyArn contained within.
        public let aliases: [Alias]
        /// The token for the next set of results, or an empty or null value if there are no more results.
        public let nextToken: String?

        @inlinable
        public init(aliases: [Alias], nextToken: String? = nil) {
            self.aliases = aliases
            self.nextToken = nextToken
        }

        private enum CodingKeys: String, CodingKey {
            case aliases = "Aliases"
            case nextToken = "NextToken"
        }
    }

    public struct ListKeysInput: AWSEncodableShape {
        /// The key state of the keys you want to list.
        public let keyState: KeyState?
        /// Use this parameter to specify the maximum number of items to return. When this value is present, Amazon Web Services Payment Cryptography does not return more than the specified number of items, but it might return fewer. This value is optional. If you include a value, it must be between 1 and 100, inclusive. If you do not include a value, it defaults to 50.
        public let maxResults: Int?
        /// Use this parameter in a subsequent request after you receive a response with truncated results. Set it to the value of NextToken from the truncated response you just received.
        public let nextToken: String?

        @inlinable
        public init(keyState: KeyState? = nil, maxResults: Int? = nil, nextToken: String? = nil) {
            self.keyState = keyState
            self.maxResults = maxResults
            self.nextToken = nextToken
        }

        public func validate(name: String) throws {
            try self.validate(self.maxResults, name: "maxResults", parent: name, max: 100)
            try self.validate(self.maxResults, name: "maxResults", parent: name, min: 1)
            try self.validate(self.nextToken, name: "nextToken", parent: name, max: 8192)
            try self.validate(self.nextToken, name: "nextToken", parent: name, min: 1)
        }

        private enum CodingKeys: String, CodingKey {
            case keyState = "KeyState"
            case maxResults = "MaxResults"
            case nextToken = "NextToken"
        }
    }

    public struct ListKeysOutput: AWSDecodableShape {
        /// The list of keys created within the caller's Amazon Web Services account and Amazon Web Services Region.
        public let keys: [KeySummary]
        /// The token for the next set of results, or an empty or null value if there are no more results.
        public let nextToken: String?

        @inlinable
        public init(keys: [KeySummary], nextToken: String? = nil) {
            self.keys = keys
            self.nextToken = nextToken
        }

        private enum CodingKeys: String, CodingKey {
            case keys = "Keys"
            case nextToken = "NextToken"
        }
    }

    public struct ListTagsForResourceInput: AWSEncodableShape {
        /// Use this parameter to specify the maximum number of items to return. When this value is present, Amazon Web Services Payment Cryptography does not return more than the specified number of items, but it might return fewer. This value is optional. If you include a value, it must be between 1 and 100, inclusive. If you do not include a value, it defaults to 50.
        public let maxResults: Int?
        /// Use this parameter in a subsequent request after you receive a response with truncated results. Set it to the value of NextToken from the truncated response you just received.
        public let nextToken: String?
        /// The KeyARN of the key whose tags you are getting.
        public let resourceArn: String

        @inlinable
        public init(maxResults: Int? = nil, nextToken: String? = nil, resourceArn: String) {
            self.maxResults = maxResults
            self.nextToken = nextToken
            self.resourceArn = resourceArn
        }

        public func validate(name: String) throws {
            try self.validate(self.maxResults, name: "maxResults", parent: name, max: 100)
            try self.validate(self.maxResults, name: "maxResults", parent: name, min: 1)
            try self.validate(self.nextToken, name: "nextToken", parent: name, max: 8192)
            try self.validate(self.nextToken, name: "nextToken", parent: name, min: 1)
            try self.validate(self.resourceArn, name: "resourceArn", parent: name, max: 150)
            try self.validate(self.resourceArn, name: "resourceArn", parent: name, min: 70)
            try self.validate(self.resourceArn, name: "resourceArn", parent: name, pattern: "^arn:aws:payment-cryptography:[a-z]{2}-[a-z]{1,16}-[0-9]+:[0-9]{12}:key/[0-9a-zA-Z]{16,64}$")
        }

        private enum CodingKeys: String, CodingKey {
            case maxResults = "MaxResults"
            case nextToken = "NextToken"
            case resourceArn = "ResourceArn"
        }
    }

    public struct ListTagsForResourceOutput: AWSDecodableShape {
        /// The token for the next set of results, or an empty or null value if there are no more results.
        public let nextToken: String?
        /// The list of tags associated with a ResourceArn. Each tag will list the key-value pair contained within that tag.
        public let tags: [Tag]

        @inlinable
        public init(nextToken: String? = nil, tags: [Tag]) {
            self.nextToken = nextToken
            self.tags = tags
        }

        private enum CodingKeys: String, CodingKey {
            case nextToken = "NextToken"
            case tags = "Tags"
        }
    }

    public struct ResourceNotFoundException: AWSErrorShape {
        /// The string for the exception.
        public let resourceId: String?

        @inlinable
        public init(resourceId: String? = nil) {
            self.resourceId = resourceId
        }

        private enum CodingKeys: String, CodingKey {
            case resourceId = "ResourceId"
        }
    }

    public struct RestoreKeyInput: AWSEncodableShape {
        /// The KeyARN of the key to be restored within Amazon Web Services Payment Cryptography.
        public let keyIdentifier: String

        @inlinable
        public init(keyIdentifier: String) {
            self.keyIdentifier = keyIdentifier
        }

        public func validate(name: String) throws {
            try self.validate(self.keyIdentifier, name: "keyIdentifier", parent: name, max: 322)
            try self.validate(self.keyIdentifier, name: "keyIdentifier", parent: name, min: 7)
            try self.validate(self.keyIdentifier, name: "keyIdentifier", parent: name, pattern: "^arn:aws:payment-cryptography:[a-z]{2}-[a-z]{1,16}-[0-9]+:[0-9]{12}:(key/[0-9a-zA-Z]{16,64}|alias/[a-zA-Z0-9/_-]+)$|^alias/[a-zA-Z0-9/_-]+$")
        }

        private enum CodingKeys: String, CodingKey {
            case keyIdentifier = "KeyIdentifier"
        }
    }

    public struct RestoreKeyOutput: AWSDecodableShape {
        /// The key material of the restored key. The KeyState will change to CREATE_COMPLETE and value for DeletePendingTimestamp gets removed.
        public let key: Key

        @inlinable
        public init(key: Key) {
            self.key = key
        }

        private enum CodingKeys: String, CodingKey {
            case key = "Key"
        }
    }

    public struct RootCertificatePublicKey: AWSEncodableShape {
        /// The role of the key, the algorithm it supports, and the cryptographic operations allowed with the key. This data is immutable after the root public key is imported.
        public let keyAttributes: KeyAttributes
        /// Parameter information for root public key certificate import.
        public let publicKeyCertificate: String

        @inlinable
        public init(keyAttributes: KeyAttributes, publicKeyCertificate: String) {
            self.keyAttributes = keyAttributes
            self.publicKeyCertificate = publicKeyCertificate
        }

        public func validate(name: String) throws {
            try self.validate(self.publicKeyCertificate, name: "publicKeyCertificate", parent: name, max: 32768)
            try self.validate(self.publicKeyCertificate, name: "publicKeyCertificate", parent: name, min: 1)
            try self.validate(self.publicKeyCertificate, name: "publicKeyCertificate", parent: name, pattern: "^[^\\[;\\]<>]+$")
        }

        private enum CodingKeys: String, CodingKey {
            case keyAttributes = "KeyAttributes"
            case publicKeyCertificate = "PublicKeyCertificate"
        }
    }

    public struct StartKeyUsageInput: AWSEncodableShape {
        /// The KeyArn of the key.
        public let keyIdentifier: String

        @inlinable
        public init(keyIdentifier: String) {
            self.keyIdentifier = keyIdentifier
        }

        public func validate(name: String) throws {
            try self.validate(self.keyIdentifier, name: "keyIdentifier", parent: name, max: 322)
            try self.validate(self.keyIdentifier, name: "keyIdentifier", parent: name, min: 7)
            try self.validate(self.keyIdentifier, name: "keyIdentifier", parent: name, pattern: "^arn:aws:payment-cryptography:[a-z]{2}-[a-z]{1,16}-[0-9]+:[0-9]{12}:(key/[0-9a-zA-Z]{16,64}|alias/[a-zA-Z0-9/_-]+)$|^alias/[a-zA-Z0-9/_-]+$")
        }

        private enum CodingKeys: String, CodingKey {
            case keyIdentifier = "KeyIdentifier"
        }
    }

    public struct StartKeyUsageOutput: AWSDecodableShape {
        /// The KeyARN of the Amazon Web Services Payment Cryptography key activated for use.
        public let key: Key

        @inlinable
        public init(key: Key) {
            self.key = key
        }

        private enum CodingKeys: String, CodingKey {
            case key = "Key"
        }
    }

    public struct StopKeyUsageInput: AWSEncodableShape {
        /// The KeyArn of the key.
        public let keyIdentifier: String

        @inlinable
        public init(keyIdentifier: String) {
            self.keyIdentifier = keyIdentifier
        }

        public func validate(name: String) throws {
            try self.validate(self.keyIdentifier, name: "keyIdentifier", parent: name, max: 322)
            try self.validate(self.keyIdentifier, name: "keyIdentifier", parent: name, min: 7)
            try self.validate(self.keyIdentifier, name: "keyIdentifier", parent: name, pattern: "^arn:aws:payment-cryptography:[a-z]{2}-[a-z]{1,16}-[0-9]+:[0-9]{12}:(key/[0-9a-zA-Z]{16,64}|alias/[a-zA-Z0-9/_-]+)$|^alias/[a-zA-Z0-9/_-]+$")
        }

        private enum CodingKeys: String, CodingKey {
            case keyIdentifier = "KeyIdentifier"
        }
    }

    public struct StopKeyUsageOutput: AWSDecodableShape {
        /// The KeyARN of the key.
        public let key: Key

        @inlinable
        public init(key: Key) {
            self.key = key
        }

        private enum CodingKeys: String, CodingKey {
            case key = "Key"
        }
    }

    public struct Tag: AWSEncodableShape & AWSDecodableShape {
        /// The key of the tag.
        public let key: String
        /// The value of the tag.
        public let value: String?

        @inlinable
        public init(key: String, value: String? = nil) {
            self.key = key
            self.value = value
        }

        public func validate(name: String) throws {
            try self.validate(self.key, name: "key", parent: name, max: 128)
            try self.validate(self.key, name: "key", parent: name, min: 1)
            try self.validate(self.value, name: "value", parent: name, max: 256)
            try self.validate(self.value, name: "value", parent: name, min: 1)
        }

        private enum CodingKeys: String, CodingKey {
            case key = "Key"
            case value = "Value"
        }
    }

    public struct TagResourceInput: AWSEncodableShape {
        /// The KeyARN of the key whose tags are being updated.
        public let resourceArn: String
        /// One or more tags. Each tag consists of a tag key and a tag value. The tag value can be an empty (null) string. You can't have more than one tag on an Amazon Web Services Payment Cryptography key with the same tag key. If you specify an existing tag key with a different tag value, Amazon Web Services Payment Cryptography replaces the current tag value with the new one.  Don't include personal, confidential or sensitive information in this field. This field may be displayed in plaintext in CloudTrail logs and other output.  To use this parameter, you must have TagResource permission in an IAM policy.  Don't include personal, confidential or sensitive information in this field. This field may be displayed in plaintext in CloudTrail logs and other output.
        public let tags: [Tag]

        @inlinable
        public init(resourceArn: String, tags: [Tag]) {
            self.resourceArn = resourceArn
            self.tags = tags
        }

        public func validate(name: String) throws {
            try self.validate(self.resourceArn, name: "resourceArn", parent: name, max: 150)
            try self.validate(self.resourceArn, name: "resourceArn", parent: name, min: 70)
            try self.validate(self.resourceArn, name: "resourceArn", parent: name, pattern: "^arn:aws:payment-cryptography:[a-z]{2}-[a-z]{1,16}-[0-9]+:[0-9]{12}:key/[0-9a-zA-Z]{16,64}$")
            try self.tags.forEach {
                try $0.validate(name: "\(name).tags[]")
            }
            try self.validate(self.tags, name: "tags", parent: name, max: 200)
        }

        private enum CodingKeys: String, CodingKey {
            case resourceArn = "ResourceArn"
            case tags = "Tags"
        }
    }

    public struct TagResourceOutput: AWSDecodableShape {
        public init() {}
    }

    public struct TrustedCertificatePublicKey: AWSEncodableShape {
        /// The KeyARN of the root public key certificate or certificate chain that signs the trusted public key certificate import.
        public let certificateAuthorityPublicKeyIdentifier: String
        /// The role of the key, the algorithm it supports, and the cryptographic operations allowed with the key. This data is immutable after a trusted public key is imported.
        public let keyAttributes: KeyAttributes
        /// Parameter information for trusted public key certificate import.
        public let publicKeyCertificate: String

        @inlinable
        public init(certificateAuthorityPublicKeyIdentifier: String, keyAttributes: KeyAttributes, publicKeyCertificate: String) {
            self.certificateAuthorityPublicKeyIdentifier = certificateAuthorityPublicKeyIdentifier
            self.keyAttributes = keyAttributes
            self.publicKeyCertificate = publicKeyCertificate
        }

        public func validate(name: String) throws {
            try self.validate(self.certificateAuthorityPublicKeyIdentifier, name: "certificateAuthorityPublicKeyIdentifier", parent: name, max: 322)
            try self.validate(self.certificateAuthorityPublicKeyIdentifier, name: "certificateAuthorityPublicKeyIdentifier", parent: name, min: 7)
            try self.validate(self.certificateAuthorityPublicKeyIdentifier, name: "certificateAuthorityPublicKeyIdentifier", parent: name, pattern: "^arn:aws:payment-cryptography:[a-z]{2}-[a-z]{1,16}-[0-9]+:[0-9]{12}:(key/[0-9a-zA-Z]{16,64}|alias/[a-zA-Z0-9/_-]+)$|^alias/[a-zA-Z0-9/_-]+$")
            try self.validate(self.publicKeyCertificate, name: "publicKeyCertificate", parent: name, max: 32768)
            try self.validate(self.publicKeyCertificate, name: "publicKeyCertificate", parent: name, min: 1)
            try self.validate(self.publicKeyCertificate, name: "publicKeyCertificate", parent: name, pattern: "^[^\\[;\\]<>]+$")
        }

        private enum CodingKeys: String, CodingKey {
            case certificateAuthorityPublicKeyIdentifier = "CertificateAuthorityPublicKeyIdentifier"
            case keyAttributes = "KeyAttributes"
            case publicKeyCertificate = "PublicKeyCertificate"
        }
    }

    public struct UntagResourceInput: AWSEncodableShape {
        /// The KeyARN of the key whose tags are being removed.
        public let resourceArn: String
        /// One or more tag keys. Don't include the tag values. If the Amazon Web Services Payment Cryptography key doesn't have the specified tag key, Amazon Web Services Payment Cryptography doesn't throw an exception or return a response. To confirm that the operation succeeded, use the ListTagsForResource operation.
        public let tagKeys: [String]

        @inlinable
        public init(resourceArn: String, tagKeys: [String]) {
            self.resourceArn = resourceArn
            self.tagKeys = tagKeys
        }

        public func validate(name: String) throws {
            try self.validate(self.resourceArn, name: "resourceArn", parent: name, max: 150)
            try self.validate(self.resourceArn, name: "resourceArn", parent: name, min: 70)
            try self.validate(self.resourceArn, name: "resourceArn", parent: name, pattern: "^arn:aws:payment-cryptography:[a-z]{2}-[a-z]{1,16}-[0-9]+:[0-9]{12}:key/[0-9a-zA-Z]{16,64}$")
            try self.tagKeys.forEach {
                try validate($0, name: "tagKeys[]", parent: name, max: 128)
                try validate($0, name: "tagKeys[]", parent: name, min: 1)
            }
            try self.validate(self.tagKeys, name: "tagKeys", parent: name, max: 200)
        }

        private enum CodingKeys: String, CodingKey {
            case resourceArn = "ResourceArn"
            case tagKeys = "TagKeys"
        }
    }

    public struct UntagResourceOutput: AWSDecodableShape {
        public init() {}
    }

    public struct UpdateAliasInput: AWSEncodableShape {
        /// The alias whose associated key is changing.
        public let aliasName: String
        /// The KeyARN for the key that you are updating or removing from the alias.
        public let keyArn: String?

        @inlinable
        public init(aliasName: String, keyArn: String? = nil) {
            self.aliasName = aliasName
            self.keyArn = keyArn
        }

        public func validate(name: String) throws {
            try self.validate(self.aliasName, name: "aliasName", parent: name, max: 256)
            try self.validate(self.aliasName, name: "aliasName", parent: name, min: 7)
            try self.validate(self.aliasName, name: "aliasName", parent: name, pattern: "^alias/[a-zA-Z0-9/_-]+$")
            try self.validate(self.keyArn, name: "keyArn", parent: name, max: 150)
            try self.validate(self.keyArn, name: "keyArn", parent: name, min: 70)
            try self.validate(self.keyArn, name: "keyArn", parent: name, pattern: "^arn:aws:payment-cryptography:[a-z]{2}-[a-z]{1,16}-[0-9]+:[0-9]{12}:key/[0-9a-zA-Z]{16,64}$")
        }

        private enum CodingKeys: String, CodingKey {
            case aliasName = "AliasName"
            case keyArn = "KeyArn"
        }
    }

    public struct UpdateAliasOutput: AWSDecodableShape {
        /// The alias name.
        public let alias: Alias

        @inlinable
        public init(alias: Alias) {
            self.alias = alias
        }

        private enum CodingKeys: String, CodingKey {
            case alias = "Alias"
        }
    }

    public struct WrappedKey: AWSDecodableShape {
        /// The key check value (KCV) is used to check if all parties holding a given key have the same key or to detect that a key has changed.
        public let keyCheckValue: String?
        /// The algorithm that Amazon Web Services Payment Cryptography uses to calculate the key check value (KCV). It is used to validate the key integrity. For TDES keys, the KCV is computed by encrypting 8 bytes, each with value of zero, with the key to be checked and retaining the 3 highest order bytes of the encrypted result. For AES keys, the KCV is computed using a CMAC algorithm where the input data is 16 bytes of zero and retaining the 3 highest order bytes of the encrypted result.
        public let keyCheckValueAlgorithm: KeyCheckValueAlgorithm?
        /// Parameter information for generating a wrapped key using TR-31 or TR-34 skey exchange method.
        public let keyMaterial: String
        /// The key block format of a wrapped key.
        public let wrappedKeyMaterialFormat: WrappedKeyMaterialFormat
        /// The KeyARN of the wrapped key.
        public let wrappingKeyArn: String

        @inlinable
        public init(keyCheckValue: String? = nil, keyCheckValueAlgorithm: KeyCheckValueAlgorithm? = nil, keyMaterial: String, wrappedKeyMaterialFormat: WrappedKeyMaterialFormat, wrappingKeyArn: String) {
            self.keyCheckValue = keyCheckValue
            self.keyCheckValueAlgorithm = keyCheckValueAlgorithm
            self.keyMaterial = keyMaterial
            self.wrappedKeyMaterialFormat = wrappedKeyMaterialFormat
            self.wrappingKeyArn = wrappingKeyArn
        }

        private enum CodingKeys: String, CodingKey {
            case keyCheckValue = "KeyCheckValue"
            case keyCheckValueAlgorithm = "KeyCheckValueAlgorithm"
            case keyMaterial = "KeyMaterial"
            case wrappedKeyMaterialFormat = "WrappedKeyMaterialFormat"
            case wrappingKeyArn = "WrappingKeyArn"
        }
    }

    public struct DiffieHellmanDerivationData: AWSEncodableShape {
        /// A string containing information that binds the ECDH derived key to the two parties involved or to the context of the key. It may include details like identities of the two parties deriving the key, context of the operation, session IDs, and optionally a nonce. It must not contain zero bytes. It is not recommended to reuse shared information for multiple ECDH key derivations, as it could result in derived key material being the same across different derivations.
        public let sharedInformation: String?

        @inlinable
        public init(sharedInformation: String? = nil) {
            self.sharedInformation = sharedInformation
        }

        public func validate(name: String) throws {
            try self.validate(self.sharedInformation, name: "sharedInformation", parent: name, max: 2048)
            try self.validate(self.sharedInformation, name: "sharedInformation", parent: name, min: 2)
            try self.validate(self.sharedInformation, name: "sharedInformation", parent: name, pattern: "^(?:[0-9a-fA-F][0-9a-fA-F])+$")
        }

        private enum CodingKeys: String, CodingKey {
            case sharedInformation = "SharedInformation"
        }
    }
}

// MARK: - Errors

/// Error enum for PaymentCryptography
public struct PaymentCryptographyErrorType: AWSErrorType {
    enum Code: String {
        case accessDeniedException = "AccessDeniedException"
        case conflictException = "ConflictException"
        case internalServerException = "InternalServerException"
        case resourceNotFoundException = "ResourceNotFoundException"
        case serviceQuotaExceededException = "ServiceQuotaExceededException"
        case serviceUnavailableException = "ServiceUnavailableException"
        case throttlingException = "ThrottlingException"
        case validationException = "ValidationException"
    }

    private let error: Code
    public let context: AWSErrorContext?

    /// initialize PaymentCryptography
    public init?(errorCode: String, context: AWSErrorContext) {
        guard let error = Code(rawValue: errorCode) else { return nil }
        self.error = error
        self.context = context
    }

    internal init(_ error: Code) {
        self.error = error
        self.context = nil
    }

    /// return error code string
    public var errorCode: String { self.error.rawValue }

    /// You do not have sufficient access to perform this action.
    public static var accessDeniedException: Self { .init(.accessDeniedException) }
    /// This request can cause an inconsistent state for the resource.
    public static var conflictException: Self { .init(.conflictException) }
    /// The request processing has failed because of an unknown error, exception, or failure.
    public static var internalServerException: Self { .init(.internalServerException) }
    /// The request was denied due to an invalid resource error.
    public static var resourceNotFoundException: Self { .init(.resourceNotFoundException) }
    /// This request would cause a service quota to be exceeded.
    public static var serviceQuotaExceededException: Self { .init(.serviceQuotaExceededException) }
    /// The service cannot complete the request.
    public static var serviceUnavailableException: Self { .init(.serviceUnavailableException) }
    /// The request was denied due to request throttling.
    public static var throttlingException: Self { .init(.throttlingException) }
    /// The request was denied due to an invalid request error.
    public static var validationException: Self { .init(.validationException) }
}

extension PaymentCryptographyErrorType: AWSServiceErrorType {
    public static let errorCodeMap: [String: AWSErrorShape.Type] = [
        "ResourceNotFoundException": PaymentCryptography.ResourceNotFoundException.self
    ]
}

extension PaymentCryptographyErrorType: Equatable {
    public static func == (lhs: PaymentCryptographyErrorType, rhs: PaymentCryptographyErrorType) -> Bool {
        lhs.error == rhs.error
    }
}

extension PaymentCryptographyErrorType: CustomStringConvertible {
    public var description: String {
        return "\(self.error.rawValue): \(self.message ?? "")"
    }
}
